A new malware campaign is taking advantage of the flu season by sending phishing emails that appear to be urgent communications from the Centers for Disease Control and Prevention.
The CDC recently released an alert about the phishing campaign: https://www.cdc.gov/media/releases/2019/s0322-phishing.html
Here are some steps you can take to protect yourself, and your organization:
- Don't trust email links or attachments. Bad actors like to compromise the email accounts of people and organizations you trust and then send email from those accounts asking you to take certain actions, such as reading an attachment or going to a link.
- Telltale signs of a potential phishing email include messages from companies you don't have accounts with, spelling mistakes, and unexpected messages urging you to respond quickly, such as "Unpaid Invoice."
- If a company or organization sends you a link or phone number, don't click. Instead, look up the web page yourself in a search engine and use that address instead. The same rule applies to phone numbers. Do not use the phone numbers provided in an email. It could go straight to the bad actor.
- Turn on two-factor authentication for your accounts. This requires both your password and an additional piece of information to log in to your account. The second piece could be a code sent to your phone, or a random number generated by a smartphone app. This protects your account even if your password is compromised.
- Reboot your work devices regularly. Regularly shutting down and rebooting your laptop will receive the latest security patches.