Phishing ALERT: Beware of COVID-19 (CoronaVirus) Scams!

 Cybercriminals are using the latest coronavirus (COVID-19) public health concerns to spread scams. As always, exercise caution when you receive an email directing you to open a link or download an attachment.

The coronavirus phishing has taken many forms, including:

  • Notices pretending to come from health organizations (such as the U.S. Centers for Disease Control and Prevention, or local and state  health departments) regarding local diagnoses,
  • Fake updates from an employer about policies or procedures to address the risk, 
  • Misleading information about protecting yourself, your children, or your community, 
  • And false charitable appeals to help those who have contracted COVID-19. 

Be vigilant, look for signs of a scam

Phishing emails will likely include alerts and warnings about the COVID-19 outbreak, along with a link or attachment. Once clicked, the link will take you to a malicious website trying to steal your personal information.

  • Real website: | Scam website:
  • Treat with suspicion any email you did not expect to receive.
  • Look for unprofessionalism, including misspelling and grammar  errors.
  • Message with a tone of distress or urgency in hopes that you will respond instantly. Use your intuition and, if something “feels” wrong, call the sender’s organization to validate the email. If it seems too good to be true, it probably is.
  • Hover over links to see if the web address is legitimate and relates to the email’s content.
  • Check for odd phrases and word choices based on your knowledge of the sender.
  • Verify any email that asks for personal information (such as a birth date, social security number, username or password) by independently looking up the sender’s contact information.
  • Watch for improper or unusual use of copyright information, logos, and graphics that could make the email appear to be official.

Reporting and dealing with Phishing

1.If you receive a phishing email, please do the following 

  1. Please forward the message to [email protected].After reporting to [email protected], you can report phishing directly to Google if you are using the Gmail interface by:
  • Signing in to Gmail.
  • Opening the message you'd like to report.
  • Clicking the triple-dot icon next to Reply, at the top-right of the message pane.
  • Selecting Report phishing.
  1. Delete emails and messages that ask you to confirm or provide personal information.
  2. Do not reply, click on the links, or provide any sensitive information/user credentials.

I already clicked the link. What should I do?

  • Don’t panic – if you provided your credentials; start by changing your passwords. To change your SDSUid Password in Office 365 click here: Change Password
  • Never use the same password on more than one site. Once cybercriminals have your password, they will try to use it on every website where you may have an account.
  • Contact the security by emailing [email protected] to inform the team of the situation. This will help to take any necessary action to protect your information and university resources. 

Also, SDSU has introduced a public-facing site with information about COVID-19, including decisions the university is making to directly address concerns with the global public health issue. Please visit these sites frequently, as they are regularly updated.