Among COVID-19 virus concerns – phishing emails

In addition to good personal hygiene, Purdue faculty, students and staff should also keep up their digital hygiene to avoid falling for malicious emails about COVID-19, also known as Coronavirus.

The federal Cybersecurity and Infrastructure Security Agency (CISA) issued a warning that cybercriminals may send phishing emails pertaining to COVID-19 and containing malicious links or attachments, with the aim of collecting sensitive information or money by advertising a fraudulent charity.

Just as everyone is encouraged to take 20 seconds washing their hands with soap and water, ITaP recommends that everyone take their time when reading and reviewing their email. Any emails, texts or calls related to COVID-19, with the exception of official communications from Purdue, should be reviewed carefully.

CISA recommends the following:

  • Avoid clicking on links in unsolicited emails and be wary of email attachments.
  • Use trusted sources — such as legitimate, government websites — for up-to-date, fact-based information about COVID-19.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
  • Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on charity scams for more information.

In addition, consider these tips on how to spot a phishing email:

  • Provokes fear or urgency. If the email asks that you act fast to avoid a serious consequence, be suspicious.
  • Asks you to click. If an email says to click on a link, move your mouse to hover over it to see where it actually leads. If you even think there’s a problem, don’t click.
  • Uses vague language. If the email is addressed to no one or a generic greeting such as “colleagues” and contains few details, it’s likely a scam. Look for spelling and grammatical errors as well.

If you spot a COVID-19 phishing email, or any phishing email, forward it as an attachment to

Last updated: March 9, 2020