Phishing scams spike as hackers use coronavirus to prey on remote workers

From fake work emails to fraudulent notes from the Centers for Disease Control

Last Updated:
March 27, 2020 - 11:27am


    As more Americans move to remote work, security experts warn people to be on the lookout for coronavirus-related phishing scams as cybercriminals prey on fears about the pandemic.

    "Consumers should have their guard up when checking their email and filling out requests for information, especially when it comes to emails that have 'coronavirus' or 'COVID-19' in the subject line," said Aaron Higbee, chief technology officer for the Virginia-based cybersecurity firm Cofense.

    Image: An example of an email phishing scam. Security experts say look for “coronavirus” or “COVID-19” in the subject line. (Cofense)

    One scam reported to Higbee’s company includes a phishing email disguised as an official work email that tells the user to sign up for a remote work program by the end of her work day. 

    The most obvious signs that it's a fake email are the lack of capitalization in Kate’s name and the period separating her first and last name, he said. These emails often have grammar errors, and in this case there is an unnecessary apostrophe in the word “employee’s.”

    Higbee explained that these scammers are often non-native English speakers, so spelling errors and grammar mistakes are easy indicators of when an email might be a scam.

    Another email provided by Higbee touted a supposed cure and treatment plan for coronavirus, which doesn’t exist. Clicking on the link in the email prompts the user to enter their personal information on a sketchy website.

    Image: An example of a scam cure and treatment plan for coronavirus. (Cofense)

     

    Other phishing emails that appear to be from the Centers for Disease Control or World Health Organization promise important news about COVID-19 that could impact your health or employment benefits.

    However, scams go beyond just email lures.

    The Better Business Bureau says it’s received numerous reports about scam websites claiming to sell face masks online, where the phony sellers take victims’ money and never deliver anything.

    There are also reports that a malicious website is displaying a map of COVID-19 cases mimicking a legitimate one from Johns Hopkins University. The Florida Attorney General’s office warns that the fake page is being spread through email attachments and malicious online advertisements.

    Image: The dashboard for Johns Hopkins University's coronavirus-tracking map. (Johns Hopkins University)

    In New York City, the NYPD warns of coronavirus-related scams involving hackers using websites to sell fake products to steal personal or financial information.

    Higbee said to slow down and check before you click on anything. Most legitimate websites and sources won’t reach out to you blindly and ask for your personal information. Double check with your company to make sure an email asking for information came from them in the first place, and do your homework.

    Top ways to spot phishing emails

    1. Emails Demanding Urgent Action

    2. Emails with Bad Grammar and Spelling Mistakes

    3. Emails with an Unfamiliar Greeting or Salutation

    4. Inconsistencies in Email Addresses, Links & Domain Names

    5. Suspicious Attachments

    6. Emails Requesting Login Credentials, Payment Information or Sensitive Data

    7. Too Good to Be True Emails