Phishing in the Time of COVID-19: How to Recognize a Malicious Scam

It’s common for scammers to take advantage of emergencies, moments when people are scared, vulnerable and searching for information. The coronavirus epidemic is proving to be no different. As the outbreak of COVID-19 spreads across the world, so do malicious phishing attacks.

Here is what you should be watching for:

*Information courtesy of KnowBe4, a Purple Guys Partner

Malicious websites with the purpose of infecting your device with malware. Watch out for sites such as Coronavirus(.)com or Corona-virus-Map(.)com. Since January there have been thousands of websites registered containing the word ‘corona’, and many of those are suspicious. Some of these websites distribute malware.

Spam emails trying to grab your curiosity by using conspiracy-themed catchphrases, such as “censored”, to try and sell information (paid-for videos) or goods that are now in high demand, such as masks, hand sanitizers or vitamins.

Phishing scams that appear to come from organizations such as the CDC (Centers for Disease Control) or the WHO (World Health Organization). The scammers have crafted emails that appear to come from these sources, but they actually contain malicious phishing links or dangerous attachments. There are also emails that claim to have a “new” or “updated” list of cases of Coronavirus in your area. These emails contain dangerous links.

Fake charity emails and websites that ask for donations for studies, doctors, or victims that have been affected by the COVID-19 Coronavirus. Scammers often create fake charity emails after global disasters or pandemics like the COVID-19 outbreak.

Fake internal HR or I.T. communication, such as coronavirus surveys impersonating your HR or I.T. department. The objective here is to steal your username and password. To access the ‘document’ or ‘survey’, the recipient has to provide their Office 365 credentials on a fake site, thus compromising their Office 365 account.

Stimulus check scams. News that the government is likely to send upwards of $1000 to most Americans has created a golden opportunity for scammers, especially since the delivery method for the cash is uncertain. Be on the lookout for phishing emails asking you to verify your personal information to receive the economic stimulus check.

Educate your team

Now is the time to be educating your team to spot and correctly handle malicious attacks landing in their inboxes, voicemails, and messaging apps. This is a great time to offer a refresher course to help avoid the human element that cybercriminals try to exploit. Please remind them to:

  1. Never click on links or open attachments from an email that you weren’t expecting.
  2. If you receive a suspicious email that appears to come from an official organization such as WHO, report the email to your security team to double-check.
  3. If you want to make a charitable donation, go to the charity website of your choice to submit your payment. Type the charity’s web address in your browser instead of clicking on any links in emails or other messages.

Tools to stay safe

KnowBe4 is now offering its Email Exposure Check Pro for free. This tool will allow you to easily identify your at-risk users by crawling business social media information and thousands of data breach databases, to ultimately give you a report that will show:

  1. What your organizational structure looks like to an attacker, which they can use to craft spear-phishing attacks.
  2. Which of your users have had their account information, including passwords, exposed in any of the several thousand breaches.
  3. Your organization's current risk levels.

To learn more or to get your free EEC report in less than 5 minutes, visit KnowBe4 HERE!

Still have questions about implementing a security awareness training program for your organization or how to find out your exposure risk? We are happy to help you navigate our evolving world and answer any specific questions you may have. You can email Please stay safe and informed!