Coronavirus Phishing Emails: How to Protect Against COVID-19 Scams

Email phishing campaigns and malware through emails are nothing new, but when combined with something like a global coronavirus spread, the risk can be even higher—adding significant digital risk on top of the physical risk of infection. It’s common for phishing email and malware creators to capitalize on a current issue. After all, their job is to pique the interest of an end user enough to get them to open the email.

How do you spot a COVID-19 phishing email?

Coronavirus-themed phishing emails can take different forms, for example, “CDC Alerts”. Cybercriminals have sent phishing emails designed to look like they’re from the U.S. Centers for Disease Control. The email might falsely claim to link to a list of coronavirus cases in your area. “You are immediately advised to go through the cases above for safety hazard,” the text of one phishing email reads.

So, what do the emails look like? Here’s an example of a fake CDC email:

Tips  to recognize and avoid COVID-19 related phishing emails:

  • Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your Social Security number or login information is a phishing scam. Legitimate government agencies won’t ask for that information. Never respond to the email with your personal data.
  • Check the email address or link. You can inspect a link by hovering your mouse button over the URL to see where it leads. Sometimes, it’s obvious the web address is not legitimate. But keep in mind phishers can create links that closely resemble legitimate addresses. Delete the email.
  • Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it.
  • Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “sir or madam” signal an email is not legitimate.
  • Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information — right now. Instead, delete the message.

So, where are the best places to get legitimate information about the COVID-19 outbreak?

It’s best practice to go directly to reliable sources for information on the coronavirus. Government office and healthcare agencies should be your first stop:

ECMSI’s hosted spam filtering system is a top of the line, multi-layered filtering process that provides the most comprehensive spam protection available. Full-stack email service provides protection against inbound and outbound spam, viruses, phishing attacks and other forms of email-borne malware, denial of service attacks, directory harvesting attacks and other exploits.