Beware of Coronavirus Phishing Attacks


The outbreak of the novel coronavirus has led to fear and anxiety among the public, giving birth to a new subgenre of phishing attacks.

During the pandemic, cybercriminals have posed as trusted entities such as the Centers for Disease Control and Prevention (CDC) and sent bogus emails to unsuspecting users. These emails contain malicious links and attachments that, when clicked on or downloaded, can infect your computer with all kinds of malware, from viruses to worms. Once the malware is in your computer’s system, the hacker may be able to spy on your activity, access your financial records, freeze your system and even steal your identity.

Whether it is a local natural disaster or a global pandemic, cybercriminals will send phishing emails to exploit people when they are most vulnerable. With public events canceled and citizens practicing social distancing, it is no surprise that hackers have been tailoring their latest phishing schemes around coronavirus.

In order to protect yourself against phishing attacks, it is important to understand what they look like and how to act once you become a target. Before we get into specific examples, here are a few common signs that an email is actually part of a phishing scheme:


● The email does not include your name, and instead begins with a generic greeting like “Dear sir or madam.”

● The text contains spelling and grammar errors.

● The sender is requesting private information like your login credentials, Social Security number, etc.

● The message is urging you to act immediately, whether that means clicking on a link or providing personal information.


Examples of coronavirus phishing emails

When you are looking through your inbox, keep an eye out for these increasingly common phishing emails:

Alerts from the CDC

As mentioned before, cybercriminals alleging to be from the CDC may send you messages with “important information” regarding the coronavirus. Like all phishing emails, there will be a link or attachment that the sender is urging you to click on or download. The message might say something like, “click here to see a list of new cases in your area,” or “download this PDF for helpful tips on how to avoid contracting the virus.” These files may contain malware that will infect your computer or redirect you to a legitimate-looking website that will then attempt to harvest your personal information and/or passwords.

Changes to workplace policy

Hackers target workplace email addresses in these attacks as well. They might send you a fake email claiming to be from your employer or human resources department with something like an “update to company policy in response to the coronavirus.” The message will prompt you to open, review and save the “new policy.” However, if you follow these instructions, you could be infecting your computer with malware.

Advertisements claiming to offer treatments or cures

Cybercriminals may also try to get you to purchase fake products via email advertisements. These ads could be for drugs or medicines that promise to prevent or fight off coronavirus, but in reality, their only purpose is to steal your credit card information.

How to avoid becoming the victim of a phishing attack

If you receive an email that resembles any of the ones listed above, do not click on any links included in the message or download any attached files. Additionally, if the sender is requesting private information like your passwords or Social Security number, do not respond. Instead, delete the email.

As a good rule of thumb, never engage with any email unless you are 100% confident in the source. Keep in mind that a legitimate organization, like your bank or employer, would never ask you to send private information over email in the first place. If you are still unsure about the authenticity of the email after deleting it, you can always connect with a representative from the organization in person or over the phone for more clarity. Make sure, though, that you call a number that you already have on file, as fraudsters often provide different phone numbers in the email signature in an attempt to intercept “out of channel” verification.
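The warning signs listed earlier and the phone-number check above can be expressed as a simple triage routine. This is an added example, not part of the original article: the keyword patterns, function names, sample messages and phone numbers are all assumptions made for illustration, and the spelling-and-grammar sign is left out because it needs a dictionary.

```python
import re

# Patterns for three of the article's warning signs (wording chosen for this example).
GENERIC_GREETING = re.compile(r"^\s*dear\s+(sir|madam|customer|user|client)\b", re.I | re.M)
PRIVATE_INFO = re.compile(r"\b(passwords?|login credentials|social security|credit card)\b", re.I)
URGENCY = re.compile(r"\b(immediately|urgent(ly)?|right away|act now|within \d+ hours?)\b", re.I)
PHONE = re.compile(r"\(?\b\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")


def last10(number):
    """Keep only the last ten digits so formatting and a leading 1 do not matter."""
    return re.sub(r"\D", "", number)[-10:]


def warning_signs(body, recipient_name, phone_on_file):
    """Return the warning signs found in an email body, in a fixed order."""
    signs = []
    if GENERIC_GREETING.search(body) and recipient_name.lower() not in body.lower():
        signs.append("generic_greeting")
    if PRIVATE_INFO.search(body):
        signs.append("requests_private_info")
    if URGENCY.search(body):
        signs.append("urgency")
    # A number in the message that differs from the one on file should not be called.
    if any(last10(m.group()) != last10(phone_on_file) for m in PHONE.finditer(body)):
        signs.append("phone_not_on_file")
    return signs


# Constructed sample messages; the name and the 555-01xx numbers are fictional.
SUSPICIOUS = """Dear Sir or Madam,

New coronavirus cases have been confirmed in your area. You must act immediately:
reply with your login credentials and Social Security number to view the list.

Questions? Call our office at (800) 555-0147.
"""
LEGITIMATE = """Hi Jordan Lee,

Your March statement is ready. Sign in from the bookmark you already use to view it.

Questions? Call 800-555-0100.
"""

if __name__ == "__main__":
    for label, body in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(label, warning_signs(body, "Jordan Lee", "1-800-555-0100"))
```

A match is a prompt to verify the message through a channel you already trust, not a verdict; genuine security notices can mention passwords too.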

Another way to avoid becoming the victim of a phishing attack is downloading antivirus software. These programs can detect and dismiss fake emails before they make it into your inbox.

To learn more, get in touch with Comerica Bank today.

This information is provided for general awareness purposes only and is not intended to be relied upon as legal or compliance advice.

This article is provided for informational purposes only. While the information contained within has been compiled from source[s] which are believed to be reliable and accurate, Comerica Bank does not guarantee its accuracy. Consequently, it should not be considered a comprehensive statement on any matter nor be relied upon as such.
