Phishing in the name of COVID-19

COVID-19 has changed our day-to-day activities and lives. Everybody is concerned, and with that concern comes the desire for information and support. Cyber criminals are exploiting the fear, uncertainty and doubt that COVID-19 brings to target individuals and businesses in a variety of ways.

Increased risk working from home

For example, because most workers are working from home, they need applications such as video teleconferencing software for meetings and screen recording software, and most of the time they will be communicating over email. This is a good opportunity for cyber criminals to launch their attacks, and phishing is one of the easiest and most critical among them. The reason is that even if the operating system is up to date and patched and there are no vulnerable components on the user’s PC, the attacker can still succeed, because the attack is based on social engineering.

Information security researchers have seen a rapid buildup of infrastructure used by cybercriminals to launch COVID-19 themed spear-phishing attacks. These attacks are being used to lure targets to fake websites seeking to collect Office 365 credentials.

Phishing scams are typically fraudulent messages appearing to come from legitimate enterprises (e.g., your university, your bank, your Internet service provider or a social media site you use daily). These messages usually direct you to a spoofed website or otherwise get you to disclose private information like passwords, credit card information or other account data. These crude socially engineered traps induce panic in the reader and trick them into responding or clicking immediately by claiming that they’ll lose something (e.g., a social media account, bank account or mail account).

This stolen sensitive data is then used to commit identity theft and fraudulent activities.

Examples of campaigns mounted include
  • COVID-19 themed phishing emails attaching malicious Microsoft documents which exploit a known Microsoft vulnerability to run malicious code.
  • COVID-19 themed phishing emails attaching macro-enabled Microsoft Word documents containing health information which trigger the download of Emotet or Trickbot malware.
  • Multiple phishing emails luring target users to fake copies of the Center for Disease Control (CDC) website which solicit user credentials and passwords.
  • Phishing emails purporting to come from various government Ministries of Health or the World Health Organization directing precautionary measures, again embedding malware.
  • COVID-19 tax rebate phishing lures encouraging recipients to browse to a fake website that collects financial and tax information from unsuspecting users.

Typical giveaways that an email may be suspect include

  • Poor grammar, punctuation and spelling.
  • Design and quality of the email aren’t what you would expect.
  • Not addressed to you by name but uses terms such as “Dear colleague,” “Dear friend” or “Dear customer”.
  • Includes a veiled threat or a false sense of urgency.
  • Directly solicits personal or financial information.
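
As an added example (not part of the original article), the sketch below shows how a mail-triage script could flag three of the giveaways listed above: a generic greeting, a false sense of urgency, and a request for personal or financial information. The phrase lists, the extra COVID-19 theme check, the function names and both sample messages are constructed assumptions; poor grammar and design quality are left to the human reader.

```python
import re
from email import message_from_string

# Three giveaways from the list above plus the COVID-19 theme (assumed phrases).
INDICATORS = {
    "generic_greeting": re.compile(
        r"^\s*dear\s+(colleague|friend|customer|user)\b", re.I | re.M),
    "urgency_or_threat": re.compile(
        r"\b(immediately|urgent(ly)?|within\s+\d+\s+hours?|"
        r"will\s+be\s+(suspended|closed|deactivated|locked))\b", re.I),
    "solicits_sensitive_data": re.compile(
        r"\b(password|credit\s+card|bank\s+account|tax\s+information)\b", re.I),
    "covid_theme": re.compile(r"\b(covid[-\s]?19|coronavirus)\b", re.I),
}

def body_text(msg):
    """Return the decoded text/plain parts of a message, joined."""
    out = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            out.append(payload.decode(charset, "replace"))
    return "\n".join(out)

def triage(raw_email):
    """Return the sorted names of indicators found in subject and body."""
    msg = message_from_string(raw_email)
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

# Constructed sample messages (not real mail).
SUSPECT = """From: "Health Desk" <notice@example.invalid>
Subject: COVID-19 benefit: action required

Dear customer,

Your mail account will be suspended unless you confirm your password immediately.
"""
BENIGN = """From: Alice <alice@example.com>
Subject: Team meeting moved

Hi Priya,

The weekly meeting moves to 3pm on Thursday. Agenda attached.
"""

if __name__ == "__main__":
    print(triage(SUSPECT), triage(BENIGN))
```

A match is a reason to look more closely or to route the message to the helpline, not proof of phishing; legitimate COVID-19 notices will match the theme check on their own.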

What you can do

  • Raise awareness amongst your team warning them of the heightened risk of COVID-19 themed phishing attacks.
  • Share definitive sources of advice on how to stay safe and provide regular communications on the approach your organization is taking to the COVID-19 pandemic.


WHO provides a range of information, including how to protect yourself, travel advice, and answers to common questions.

  • Make sure you set up strong passwords, and preferably two-factor authentication, for all remote access accounts; particularly for Office 365 access.
  • Provide remote workers with straightforward guidance on how to use remote working solutions including how to make sure they remain secure and tips on the identification of phishing.
  • Ensure that all provided laptops have up-to-date anti-virus and firewall software.
  • Run a helpline or online chat line which they can easily access for advice or to report any security concerns, including potential phishing.

Make sure that your finance processes require finance teams to confirm any requests for large payments during the COVID-19 pandemic using a channel other than the usual communication methods like email. This confirmation can help to guard against the increased risk of business email compromise and CEO fraud. Ideally, use a different channel such as phoning or texting to confirm an email request.
