AG Ellison, tech experts warn of phishing schemes during COVID-19 outbreak

Tuesday, Minnesota Attorney General Keith Ellison warned residents of a "reported spike" in phishing attacks related to COVID-19.

Phishing is a scam where victims have their personal or financial information stolen from them through deceptive electronic messages.

"I can tell you that I've been in touch with the federal authorities on this and the state as well," Ellison said. "We are on the alert."

A day before Ellison's warning to the public, 5 INVESTIGATES learned Minnesota's IT services (MNIT) sent an internal alert to every state employee, including examples of email scams specifically tailored to concerns about COVID-19.

MNIT has observed phishing schemes that include fake COVID-19 tracking maps that distribute malware, COVID-19 smartphone apps that distribute malware and scam websites that impersonate the Centers for Disease Control and Prevention and the World Health Organization.

"I'm very glad to see the state of Minnesota sent that email out," said data security expert Mike Satter. He says his company OceanTech is also tracking and uptick in reports of suspicious messages from several of its more than 2,000 clients.

"Even last night, I was talking to a Fortune 500 CEO (who said) he received one of these types of emails to his personal email address," Satter said. "High stress jobs, high stress situations, sometimes you're not thinking. And this is the prime opportunity for these cybercriminals."

Satter said a fake Netflix alert, telling recipients their service is about to be terminated, is also becoming more prevalent, possibly looking to take advantage of those who are staying home.

"They could compromise your identity with the information you provide. As well as ransomware — we have heard of situations where once you click on a link, your device or computer will lock up and you have to pay the cybercriminal to gain access back to your data or system," Satter said.

On Tuesday, MNIT Commissioner Tarek Tomes e-mailed the following statement to 5 EYEWITNESS NEWS:

“Minnesota state systems have layers of protection that work to keep phishing attacks out of state employee inboxes. We know malicious actors attempt to deceive by using topics that resonate with the current environment, and coronavirus-related messages are more active at this time in phishing attacks. Cyberattacks only continue to grow in precision and sophistication, and we must always stay one step ahead to keep our state systems and data secure. To that end, Minnesota IT Services remains committed to working with our government partners to keep the services that Minnesotans depend on – and the information they entrust to us – as stable and secure as possible in the days, weeks, and months ahead.”

Follow KSTP's COVID-19 coverage here

Minnesotans are urged to file a complaint about any potential scams they come across.

For tips on how to avoid phishing scams, click here.

AG Ellison warns Minnesotans of potential COVID-19 charity scams