COVID-19 Themed Phishing Emails

COVID-19 is unfortunately here to stay for the foreseeable future. One of the many harmful side effects of the pandemic is that the public are becoming increasingly vulnerable to phishing scams associated with the crisis.  In this post we look at COVID-19 Themed Phishing Emails – what are they, how to spot them and what to do about them. 

Google have announced that in the last week alone, an average of 18 million COVID-19 phishing emails were sent per day via Gmail, despite their use of a sophisticated malware scanner. Plus, the rapid spate of COVID-19 scams was flagged by the UK’s National Cyber Security Center and the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) earlier this month.

Why are these emails dangerous?

If not dealt with in an effective manner, phishing emails can lead to theft of your personal information, passwords, identities, and sensitive company information. Plus, they have the ability download ransomware software to your computer or laptop that obtains private documents and holds them hostage for money – i.e. blackmail you.

It’s likely that your inbox will be full of emails from businesses updating you on their social distancing policy and other measures that they’ve put in place in order to combat COVID-19.  While the majority of these will be legitimate, it’s highly probable that phishing scams will infiltrate your inbox during this time too.

What to look out for

COVID-19 themed phishing emails can take different forms, including:

  •       Emails posing to be from the World Health Organisation, falsely claiming information on the number of virus cases in your area
  •       Health advice emails, claiming to be from medical experts in China, advising you to click on a link for more information on health measures
  •       Updated workplace policy emails, claiming to hold information on update policies to accommodate COVID-19

How to avoid scammers

The majority of phishing emails will try to encourage you to click on a link or provide personal information that will be used to commit fraud.  To avoid this happening, we advise the following:

  • Beware of emails that request personal information.  Never respond to these.

  • If you suspect that an email may be from a scammer, always check the ‘from’ email address in the email header. Often, it’s obvious that the email isn’t from who it should be.

  • Watch out for “out of the norm” spelling.  If an email includes multiple spelling, punctuation and grammatical errors, it’s likely to be a phishing attempt.

  •  If an email is telling you to act now, it’s also likely to be a scam.  Phishing emails will often encourage you to do something immediately – don’t.  Instead, check with team members / IT support team and delete the email if necessary.

  • Watch out for a generic greeting.  It’s unlikely a scammer will have your personal details, so may address you with ‘dear sir or madam’

COVID-19 Themed Phishing Emails IT-MSP

What organizations can do to protect themselves?

Whether you’re working alone or seeking the services of IT support in London, you need to increase cyber security at your workplace. You can do this in the following ways:

• Educate employees
With cyber security, it’s important for your employees to actively apply the action plans. However, if they do this, they need to be educated about cyber crime, the attacks they may experience and what they can do to stop this from happening.

• Structure and safe-guard your data
The most-important thing to do is for you to identify what data is important for your organisation. That way you can re-structure data and add additional levels of protection. Backups and recovery plans must be in place to also ensure safety in case of a cyber attack. Therefore, this exercise will help you identify if there is any data theft.

• Draft a response plan
Set up a cyber security team in your organization. Ask them to come up with a flexible plan and apply this to keep your data safe. You can also seek input from your IT support.

• Equip yourself with new-age skills
Finally, upgrade your cyber security skill sets by having someone personally trained. Remember that just as hacking technology becomes more tricky, so does anti-hacking security technology. We would advise you to consult an IT company for the latest technology.

COVID-19 Themed Phishing Emails IT-MSP

About IT-MSP

IT-MSP was founded in 2017 to provide London’s small & medium businesses with end-to-end IT services, right from purchasing and installing hardware to providing Mac, Windows & Linux support, cloud solutions, and data backup. We support our clients using proven, high-quality systems and security practices that blue-chip companies take for granted.

We consistently achieve excellent client satisfaction thanks to a process-driven approach, concise documentation and our team of friendly and highly trained London based engineers.

Youssef Baiza



2 Responses

Leave a Reply

Your email address will not be published. Required fields are marked *