How to Spot and Avoid COVID-19 Pandemic Phishing Scams
Phishing scams are always circulating. Scammers and hackers update their phishing strategies to fit the current news cycle to make their phishing attempts more believable. The current glut of phishing attacks focus on one thing: the COVID-19 pandemic.
Here’s how you spot a COVID-19 phishing scam and how to stay safe online during the pandemic.
How to Spot a COVID-19 Phishing Scam
The coronavirus pandemic is affecting every country in different ways. The online world, however, is still largely open for business. With that comes the threat of hackers, scammers, phishing campaigns, and malware. Just because COVID-19 is forcing people to stay home doesn’t mean that the scammers are also taking a break.
Instead, phishing campaigns are now preying on the fears of people at home, worrying about COVID-19. Scammers are deploying a range of coronavirus phishing tactics, such as “following the links for a cure,” COVID-19 tax refunds and rebates, fake health organization updates, and more.
The difficulty is, as ever, separating the digital wheat from the phishing chaff. So, here are seven coronavirus phishing scam examples you should watch out for.
1. You Might Be Infected
The security researchers over at KnowBe4 spotted a pandemic phishing scam advising potential victims that they are infected. The emails usually carry a subject line such as “COVID-19 CONTACT,” and the phishing email content suggests the reader has come into contact with a confirmed coronavirus case.
To lend the coronavirus phishing email authority, the name of a real-world hospital is used in the signature. The email also comes with a malicious Microsoft Excel attachment posing as a pre-filled hospital form. If the user enables editing in the Excel document, a macro will run, which will download and install a backdoor Trojan.
2. COVID-19 Tax Rebate or Refund
As countries scramble to contain and mitigate the pandemic, scammers are using the prospect of tax relief for individuals and businesses to launch phishing campaigns. The subject matter and style of an email depends on your locale.
In the US, COVID-19 phishing emails carrying the official IRS logo and other seemingly legitimate features are circulating. The email subject line usually contains something like “Stimulus Check,” “Stimulus Payment,” or “COVID-19 Bailout Money.” Plus, the email text will emphasize words like “stimulus,” as well as ask for payment information, to verify the check over the phone, or for other personally identifying information.
The IRS does not and will not contact taxpayers in this manner.
Scammers aren’t taking a COVID-19 break. Be on the lookout for emails, text messages, websites and social media phishing attempts that request money or personal information. To learn more, go to https://t.co/vDM8Y5xCuZ. #COVIDreliefIRS #IRS pic.twitter.com/t5kKeqBBEe
— IRS (@IRSnews) April 9, 2020
“We urge people to take extra care during this period. The IRS isn’t going to call you asking to verify or provide your financial information so you can get an economic impact payment or your refund faster,” said IRS Commissioner Chuck Rettig. “That also applies to surprise emails that appear to be coming from the IRS. Remember, don’t open them or click on attachments or links. Go to IRS.gov for the most up-to-date information.”
It is a similar situation in the UK. After the British government announced that it would contact taxpayers directly to confirm wage assistance schemes and payments, several pandemic phishing emails carrying the official UK government branding began circulating.
Following the link in the phishing email takes you to a website that also carries the official UK government branding. The victim is encouraged to enter their credentials to receive the payment or disclose other personally identifying information.
3. Fake Updates from Health Organizations
As so many health organizations are releasing and updating their active data, there is a steady flow of new information hitting most of us at all times. The difficulty is sifting through the reams of health data to find out which organizations to trust.
If you’re finding it difficult to find a trustworthy source, check out the best COVID-19 health news outlets for the latest updates.
Adding to the confusion are phishing emails containing seemingly accurate news updates. The scammers often use the latest news updates to create an email subject line that mimics the real world, adding authority and authenticity to the scam. It might also contain a chart or other data copied from a health organization site, too.
The following example was spotted by Proofpoint:
However, the email will also feature a link to an external site that will ask for personal data of some kind. Alternatively, the fake health news email will come with an attachment featuring a macro downloader that will install malware on the victim’s computer.
Staying abreast of the latest coronavirus news is important. But you should only engage with news on trusted websites or news outlets, rather than a random email appearing in your inbox.
One option is to use the Google COVID-19 microsite, The Keyword, which filters and analyses fake news relating to the pandemic. Other social media services are also combating the rise in fake pandemic news .
4. COVID-19 Safety Measures or Tricks
At some point, you’ve probably seen an advert carrying the line, “Do X with this one neat trick,” followed by the now-classic meme, “Doctors hate him!” Well, some coronavirus phishing campaigns are using a similar style.
The fake safety measures are often used in conjunction with a fake update from a health organization (see the previous section) to suggest that a doctor or healthcare professional is making the statement.
Content-wise, the email subject matter may contain something similar to “Coronavirus 2020—Safety Tips,” or “SARS-CoV-2 2020 Safety Advice from [health organization].” The email will contain an attachment purporting to list the new and amazing coronavirus safety measures. In reality, it is a phishing document that will install malware.
5. Donate Now to Help the Fight Against Coronavirus
We continue to receive a high volume of reports about fake emails being used to solicit donations to the NHS.
The NHS will never ask you to send money directly to a bank account, or make a payment using Bitcoin.
— Action Fraud (@actionfrauduk) April 9, 2020
Another classic phishing tactic, and one that pulls at the heartstrings.
The number of healthcare professionals battling COVID-19 is causing difficulties in the procurement of enough personal protective equipment (PPE). While this absolutely is an issue in facilities around the world, the doctors and nurses are not emailing you directly and asking for a donation.
Furthermore, they’re certainly not emailing you and asking for a donation toward their PPE in Bitcoin, to be sent to an anonymous Bitcoin wallet, through an unsolicited email.
Although the Tweet above comes from Action Fraud UK, the same tactic is in use in every country.
6. Offering Discount Personal Protective Equipment
Following on from phishing emails asking for donations towards PPE, you might also encounter phishing emails offering you the chance to purchase discount personal protective equipment, too.
These phishing emails are most likely to offer up protective facemasks, hand sanitizer, or other items that have been difficult to source in certain countries. The phishing email usually contains countless spelling and grammatical errors, will have very little real information, and will contain a picture copied from a Google Image search.
The phishing attempt could also contain a link to an e-commerce phishing portal, or a document listing the products as an attachment. The e-commerce portal will steal your banking information and potentially install malware, while the product listing document is likely a malware downloader and installer.
7. Targeting Those Working from Home
The number of people working from home is skyrocketing due to the pandemic. Those that can work from home are likely extremely grateful for their ongoing employment status. However, the downside is that scammers are using phishing emails focusing on those workers.
As companies switch from face-to-face communication to using email, there is the chance that a phishing email with a spoofed email address could slip through your defenses.
The difficulty for many individuals is the lack of specific training on how to spot and reject phishing emails. Some firms will have trained their employees in online security. Others will have only read about what phishing is online.
Others still will simply have no clue.
Phishing emails targeting people working from home will attempt to spoof internal emails. Scammers may attempt to mimic a human resources department or billing department for a major firm.
Spear phishing is a particular concern for people working from home.
Where a regular phishing campaign uses more of a scattergun approach, spear phishing targets an individual. The content of the phishing emails is extremely convincing, relates specifically to you and the organization you work for (or a charity you’re involved with, and so on), and will usually appear to come from within your workplace.
How to Protect Yourself From COVID-19 Phishing Attacks
Protecting yourself from coronavirus phishing attacks isn’t as difficult as it might seem. Despite the number of phishing emails spiking by over 650%, according to Barracuda Networks, most of the phishing content isn’t particularly sophisticated.
That said, vigilance is key. Here’s how you protect yourself from coronavirus phishing:
- Email Links. Do not click on links in emails. If you must click a link, check the URL first. You can hover your mouse cursor over the link, and it will display the address. Is it where you expect the link to go? Does the URL match the name of the organization allegedly emailing you? If you’re unsure, copy and paste the URL into NameCheck’s phishing checker. It’ll give you an instant confirmation if the URL is malicious.
- Refuse Email Attachments. Most phishing emails contain a malicious email attachment. The email attachment downloads and installs malware, which in turn will steal data or otherwise. Learn how you can spot and block malicious email attachments .
- Too Good to Be True. If the content of the email sounds too good to be true, it probably is. That means it is highly unlikely you are receiving your tax rebate weeks ahead of your neighbor. You most likely have not been singled out to receive a super special deal on N95 respirators. There are not 15 free cases of toilet roll waiting for your collection, if only you could make a deposit. The list goes on, but you get the gist.
- Request for Data. Is someone asking you for private information? In an email, you received out of the blue? Don’t give them any of your personal data or information. Email spoofing is a popular phishing technique , and you can learn how to spot it.
- Double-Check. Following on from the request for data, you can always double-check the information in the email is correct. If the suspect email comes from a health organization, complete an internet search to check its veracity. Similarly, when an email asks for a donation towards a specific cause, find out if the charity even exists. A cursory internet search can often help stop most phishing attacks before they begin.
- Install an Antivirus and Anti-malware. You need a line or two of defense to help you out. Consider installing an antivirus suite to protect your online activities. You could also consider installing an anti-malware solution, like Malwarebytes. This comes in two flavors: free or premium. And before you ask, yes, Malwarebytes Premium is worth the outlay .
Avoid Coronavirus Phishing and Stay Safe Online
The rise in phishing emails is unprecedented. Criminals are taking full advantage of COVID-19 in an attempt to scam as many people as possible. If you follow the tips and maintain your online vigilance, you’ll remain secure.
Staying safe is important. But entertainment is important, too, so check this extensive list of self-isolation tips, tricks, and entertainment options .
Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.