Skip Navigation

March 17, 2020 |

Don’t click: COVID-19 phishing scams on the rise

Last updated: January 26, 2023

Loading table of contents...

As COVID-19 continues to make its impact across the world, it can be challenging to stay cool-headed.

Health and safety have never been more critical. At the same time, cyber criminals are finding new ways to exploit COVID-19 fears and take advantage of anxious workforces.

At at time like this, the last thing you need is to deal with a cyber attack and the aftermath. Stay a step ahead of the attackers by learning the factors driving new cyber crime in the COVID-19 events, the tactics emerging, and tips for avoiding these scams.

More remote workers and connections

Businesses worldwide are enabling employees to work remotely to avoid spreading the virus. While this enables operations to continue, it also presents new security challenges.

For example, companies may be in various stages of enabling flexible work. Some that rely on virtual teams to keep things running may have secure remote access capabilities such as hardened VPN access and firewalls already in place—others may not have the tools or security measures ready to support virtual work on a wider scale.

Unfortunately, enabling safe remote access requires proper security controls. Businesses should be diligently monitoring remote access system behaviours, communicating best practices, and applying fundamental security measures such as:

These measures ensure connections to the network and web browsing from remote workers stay private and secure. The right cyber security solution, for example, can detect Remote Desktop Protocol (RDP) activity from external sources into user networks, generate alerts when network connections from common Remote Administration Tools (RATs) happen, and detect anomalous logins on cloud-based services.

COVID-19 advice or dangerous malware?

New COVID-19 email and web scams are also playing on uncertainty and fears. Attackers disguise emails as health and safety updates from authorities or urgent alerts with mandated actions and requests. They claim to be organization representatives asking the victim to click a link, open an attachment, or provide sensitive information such as usernames or passwords.

Here are two examples:

  • Phishing scams supposedly from the World Health Organization offering COVID-19 information, encouraging recipients to view an attached file. Clicking distributes GuLoader malware that installs an information-stealing trojan (FormBook).
  • Phishing emails sent to Italian email addresses, offering an attached Word document with advice on preventing infection. However, the document contains a Visual Basic script that downloads and executes a variant of the Trickbot banking trojan.

Tips for avoiding COVID-19 cyber scams

Learning to recognize signs of phishing can be tricky. Urgent requests for action or information, typos and misspelled emails, and unfamiliar email addresses, are all signs. Stay calm and when in doubt, don’t click! Additionally, avoid downloading and installing any software/apps specifically related to coronavirus (or any current news cycle topic).

The Cybersecurity and Infrastructure Security Agency (CISA), the risk advisor in the U.S., just issued a warning about the coronavirus email scams. CISA suggests you:

When in doubt, never click. Always report anything suspicious to your IT team, IT service provider, or our team here at Field Effect.

Remember to stay calm

At Field Effect, we offer tailored phishing simulation campaigns to keep your team vigilant about email-based scams and ready to respond if they get targeted. COVID-19 is just the latest topic threat actors use to hide their phishing campaigns among the noise—there's no doubt that cyber criminals will take advantage of the next big thing, too.

Also, if you're worried that you've been the victim of a COVID-19 phishing scam, or any cyber attack for that matter, reach out to our incident response team for immediate assistance.