COVID-19 Phishing Activity: How to Stay Safe Online


Posted on: April 6, 2020

COVID-19 phishing activity data concept

The COVID-19 pandemic has provided cybercriminals with a golden opportunity to target victims online. Since January 2020, the registration for domains containing the word “corona” has increased and there are currently more than 30,000 domains that include the keyword. According to Whoxy, a domain search engine, an average of 200-300 websites that include the name “corona” are registered daily, with a number of these newly registered domains used to distribute malware and run aggressive coronavirus phishing campaigns. So, how can you protect yourself and practice information risk management?

Be vigilant when it comes to COVID-19 phishing emails claiming to be from government and international agencies

The World Health Organization (WHO) warned that criminals have been targeting internet users with malicious, COVID-19 themed email campaigns that may include malware, ask for login information, include compromised email attachments, redirect people to dangerous websites other than WHO‘s website, or ask for direct donations to emergency response plans. The emails may also trick users into making a call to a fake agency using a pay-per-minute telephone number.

Be cautious – these emails are likely not from the government or an agency leading the COVID-19 response. To follow timely updates and new guidelines, it is best to go directly to the source and visit the websites directly by typing into Google, bookmarking the page, or typing in the address bar.

Be cautious of emails offering vaccines, masks, and other protective items

Scammers have been using people’s concern for their own health and that of their loved ones, and sharing emails offering cheap anti-coronavirus vaccines and protective items, preying on fear. Remember that, to date, there have been no COVID-19 vaccines approved by any health organization. While drug trials are underway, there are currently no certified anti-coronavirus vaccines, drugs, or products available for purchase. Do not fall for the appealing offers. If it sounds too good to be true, it probably is.

Be wary of emails asking for donations or investment in COVID-19 research

Criminals have been sending emails asking for donations or investments to fund breakthrough COVID-19 cure research. These emails can also offer a false, high-profit margin. Do not send funds or share financial details with unverified senders. Always think twice – check the sender’s email address and review any link before clicking.

During these unprecedented times, do not allow panic and fear-mongering to drive your activity on the internet. Remember that the best defense against preying cyber criminals is user awareness and education on malicious phishing campaigns.

For more pandemic related insights, check out How Not to Become the Next Victim of a Breach. You can also check our free Resilience Toolkit.