The global outbreak of COVID-19 (Coronavirus) is having an unprecedented impact on people’s day-to-day lives, causing widespread panic, closures and financial uncertainty. To make matters worse, cybercriminals are now capitalising on the situation by exploiting the population’s fears with coronavirus-themed phishing attacks.
These attacks aim to trick potential victims out of their login details and financial information by posing as affiliated organisations, such as the World Health Organisation (WHO) and the Government.
Cybercriminals have not only been targeting individuals, either. Organisations in the aerospace, transport, manufacturing, hospitality, healthcare and insurance industries have also reported phishing emails of this nature landing in their inboxes.
This blog will highlight a few of the emails that have been circulated regarding Coronavirus, share the indicators to look out for that would identify an email as a phishing attack, and offer top tips on how to stay safe when receiving emails. Let’s get started.
This phishing attempt appears to be from GOV.UK and uses their official logo within the email. It aims to convince individuals that they will be receiving a tax refund due to the Coronavirus outbreak. However, if the ‘Access your funds now’ link is clicked, users are redirected to a fake government webpage, which encourages them to input their financial and tax information.
How to spot this attempt:
Hackers are circulating emails that appear to come from the World Health Organisation (WHO) that contain an attachment which infects computers with malicious software called AgentTesla Keylogger. This malware records keystrokes so that hackers can monitor every move you make online.
The WHO is aware that its brand is being used by hackers and has stated that any email that does not come from ‘@who.int’ is not from them. Addresses ending in, for example, ‘@who.com’, ‘@who.org’ or ‘@who-safety.org’ are not genuine.
How to spot this attempt:
This phishing attempt is even harder to spot as it appears to come from the Centres for Disease Control and Prevention’s (CDC) real email address. However, this has been sent through a spoofing tool.
The link attached in this email directs the user to a fake Microsoft login page, which encourages them to enter their email and password. Once this has been done, the user is directed to the real CDC advice page to make it appear even more authentic, but hackers will then have access to their email account.
How to spot this attempt:
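The two sender checks described in the WHO and CDC examples can be automated at the mail gateway. The following is an added example, not part of the original post: the function name, the finding labels, the sample messages and the use of `cdc.gov` as the CDC's domain are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def assess(raw, official_domain):
    """Return findings for one raw message; an empty list means no indicator fired."""
    msg = message_from_string(raw)
    findings = []
    # WHO case: the From domain must match the official domain exactly,
    # so who.com, who.org and who-safety.org are all rejected.
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain != official_domain:
        findings.append(f"lookalike-domain:{domain}")
    # CDC case: the From address is the real one, so only the authentication
    # verdict exposes the spoof. Trust this header only when it was stamped by
    # your own receiving mail server; a sender can forge a copy of it.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    dmarc = verdicts.get("dmarc", "missing")
    if dmarc != "pass":
        findings.append(f"unauthenticated-from:dmarc={dmarc}")
    return findings

# Constructed sample messages (not real captures).
WHO_LOOKALIKE = """\
From: "World Health Organization" <advice@who-safety.org>
Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass
Subject: Coronavirus safety measures

See attachment.
"""
CDC_SPOOFED = """\
From: "CDC Health Alert" <alerts@cdc.gov>
Authentication-Results: mx.example.net; spf=softfail smtp.mailfrom=bulk.example; dkim=none; dmarc=fail header.from=cdc.gov
Subject: Updated list of new cases

Sign in to view.
"""
WHO_GENUINE = """\
From: "World Health Organization" <media@who.int>
Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass
Subject: Situation report

Body.
"""

if __name__ == "__main__":
    for name, raw, dom in [("who-lookalike", WHO_LOOKALIKE, "who.int"),
                           ("cdc-spoofed", CDC_SPOOFED, "cdc.gov"),
                           ("who-genuine", WHO_GENUINE, "who.int")]:
        print(name, assess(raw, dom))
```

The lookalike message passes authentication because the attacker controls that domain, which is why the domain comparison and the DMARC verdict have to be checked together.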
Do:
Don't:
The best defence against scammers in the time of Coronavirus though? A workforce that knows how to protect their - and your! - data whilst working from home.