• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Taking over millions of developers exploiting an Open VSX Registry flaw

 | 

OneClik APT campaign targets energy sector with stealthy backdoors

 | 

APT42 impersonates cyber professionals to phish Israeli academics and journalists

 | 

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

 | 

Cisco fixed critical ISE flaws allowing Root-level remote code execution

 | 

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

 | 

CitrixBleed 2: The nightmare that echoes the 'CitrixBleed' flaw in Citrix NetScaler devices

 | 

Hackers deploy fake SonicWall VPN App to steal corporate credentials

 | 

Mainline Health Systems data breach impacted over 100,000 individuals

 | 

Disrupting the operations of cryptocurrency mining botnets

 | 

Prometei botnet activity has surged since March 2025

 | 

The U.S. House banned WhatsApp on government devices due to security concerns

 | 

Russia-linked APT28 use Signal chats to target Ukraine official with malware

 | 

China-linked APT Salt Typhoon targets Canadian Telecom companies

 | 

U.S. warns of incoming cyber threats following Iran airstrikes

 | 

McLaren Health Care data breach impacted over 743,000 people

 | 

American steel giant Nucor confirms data breach in May attack

 | 

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

 | 

Iran-Linked Threat Actors Cyber Fattah Leak Visitors and Athletes' Data from Saudi Games

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 50

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Cyber Crime
  • Hacking
  • Malware
  • How to Protect Against COVID-19 Email Scams

How to Protect Against COVID-19 Email Scams

Pierluigi Paganini April 21, 2020

The increasing number of news articles circulating on the internet in the wake of COVID-19 has resulted in the rise of Phishing attacks which feed on people’s fears.

Phishing emails have been driven up to 600% since the end of February as cybercriminals capitalize on people’s fears. COVID-19 phishing emails have been said to make up an approximate of 15% of all spam mails to offices during the last week of March.

In fact, in USA phishing emails make up about half of the total spam mails. According to Mimecast Threat Intelligence data in the UK, Unsafe clicks peaked above 160,000 which is far more than the approximate 100,000 unsafe clicks in the US.

How Phishing Attack Works?

Till intentions of certain cybercriminals who are sending emails with malicious software that downloads on your device, disguised as attachments with the latest statistics regarding the pandemic are the primary mechanism for how phishing attacks are being executed in the current conditions.  

Mimecast has seen a 234$% increase in the COVID-19 related web domains and sub-domains registration in the last week of March to the end of March, about 60,000 sites out of the entirety have been legitimized whereas the rest are not. “These are all the same old attacks-nothing actual new. It’s just a different lure,” noted Steven Sarkisian, Mimecast’s Global Manager-Messaging Security.

How to know which coronavirus email is “phishing email”?

Coronavirus emails come in multiple forms. They can take the form of emails from the US Centers for Disease Control and make false claims as CDC warns. The email can claim to be a report of the COVID-19 cases in your area as well. They can take the form of Health advice emails claiming to be from medical experts near Wuhan, China.

6 Tips for recognizing and avoiding phishing emails

However, you can defend against the scams by taking certain protective measures that are listed below:

  1. Do not give your personal information: A common theme for most coronavirus phishing emails seems to be the inquiry for personal information such as Social Security Number or login information. Authentic emails from verified sources would not require this.
  2. Grammar and language used in the emails: These emails are usually not properly punctuated and have grammatical errors; this is a clear indicator that they are a hoax.
  3. Persuasion for Instant Action: Males from authentic sources would not create a necessary sense of urgency and would usually not probe one to take drastic actions.
  4. Email Address: At times, most often it is clear that the male sent is one that is not from a legitimate source by looking at the email address it is sent from, which one can inquire while hovering the mouse over the URL source.
  5. Avoid Generic Greetings: Phishing emails usually refer to the receiver with a generic greeting like ‘Sir/Madam”, unlike those from official sources, therefore such mails should be avoided.
  6. Use a VPN: You should use a cheap VPN to deceive hackers as they will not be able to trace your email address. By doing so, you will not receive any phishing emails.

Trusted Resources for Collecting Information about COVID-19

There are several official and legitimate sources where one can refer to instead of following such scams via emails. These sources can include referring to the CDC website which covers all things essential related to the virus such as:

  • Symptoms
  • Steps to take once a person contracts the virus
  • Measures for Prevention
  • Number of cases reported
  • Steps for social distancing
  • Information from the local offices

World Health Organization (WHO) provides a plethora of information that includes the measures for protection, travel guidance and queries to common questions even.

National Institute of Health (NIH) websites is also a reliable source for global updates on the pandemic, it includes information from international and national government organizations as well.  It includes all the necessary guidance regarding the virus.

Google.com has also set up a search alert with the keywords “COVID-19” or “Coronavirus”. One can get the latest updates regarding the pandemic by the use of the above keywords.

Conclusion

Unfortunately, even in these trying times, you will find cybercriminals planning to capitalize on people’s fears.

“This is a new low for cybercriminals who are acting like piranha fish, cowardly attacking people on mass when they are at their most venerable,” said the MP Dean Russell, member of the Health and Social care committee. “It’s vital that the public remains vigilant against the scam emails during this challenging time”.

It is upsetting that the computer users are now exposed more than ever to phishing scams and cybercriminals are willing to go to the mile even in special circumstances such as this.

However, by taking the necessary measures mentioned above and spreading awareness regarding this, these attacks can be prevented to a great degree.

About the author Rohail Abrahani

Rohail Abrahani is a Cybersecurity Researcher and Analyst with 5 years of experience. He likes to write on topics related to Internet Privacy, Artificial Intelligence, and Emerging Technologies.

Twitter Handle: https://twitter.com/rohailabrahani

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – COVID19, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

coronavirus Email Scams Hacking information security news it security it security news phishing Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini June 27, 2025
Taking over millions of developers exploiting an Open VSX Registry flaw
Read more
Pierluigi Paganini June 27, 2025
OneClik APT campaign targets energy sector with stealthy backdoors
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Taking over millions of developers exploiting an Open VSX Registry flaw

    Hacking / June 27, 2025

    OneClik APT campaign targets energy sector with stealthy backdoors

    Hacking / June 27, 2025

    APT42 impersonates cyber professionals to phish Israeli academics and journalists

    APT / June 27, 2025

    Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

    Cyber Crime / June 26, 2025

    Cisco fixed critical ISE flaws allowing Root-level remote code execution

    Security / June 26, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT