The New York Attorney General issued a warning to health care providers, hospitals, and other organizations within the health supply chain that cyber criminals are using targeted COVID-19 phishing emails and texts to gain access to sensitive information. Multiple reports indicate that scammers are sending emails and texts to get a recipient to click on a link purporting to share COVID-19 information that in reality installs malware or permits access to steal passwords and other sensitive information. According to the warning, workers in the healthcare industry may see more advanced phishing emails such as:
- Emails purporting to be from the Centers for Disease Control providing information on treating COVID-19 that contain booby trapped PDFs.
- An email received by hospital staff saying that important deliveries have been stalled to that hospital and requiring the user click on a link that actually executes malicious code.
The New York Attorney General advises the health care industry they “may be at higher risk for phishing attempts” and to stay vigilant when receiving communications purporting to provide information about COVID-19. Further guidance on phishing emails is available on the OAG website here.