COVID-19 Phishing Attacks
Use caution when opening emails from WHO, the CDC, and other health organizations
COVID-19 has us looking to the news and important health organizations for information about this pandemic. Sadly, many online criminals, also known as cybercriminals, are taking advantage of this situation and phishing attempt and attacks are on the rise.
Since the intensity of the coronavirus spread has grown, there has been an increase of phishing attempts posing as the World Health Organization (WHO), the Center for Disease Control (CDC), and/or other relevant health organizations. Here’s a list of guidelines you can follow to protect yourself and stay safe online.
Never Give Out Your Personal Information
Generally speaking, it’s best to avoid sharing personal information online. Things like pet names, social security numbers, and bank account information can be used against you in a phishing attack to steal your identity and leave you in financial distress.
Many of us are facing layoffs, gaps in revenue, or looking to unemployment for financial assistance. It’s important to protect your personal information to protect yourself from even more financial uncertainty. Legitimate organizations and companies won’t ask you to verify sensitive information via email.
Verify The Email Address Domain
A straightforward way to help you determine the legitimacy of an email is to look at the domain of the sender’s email address. Usually you can do this simply by hovering your mouse over the address. Then, you can verify that the email was sent from a legitimate and familiar source.
Because of our widespread unemployment uncertainty and remote work, some hackers may disguise themselves as an employee’s HR representative. They may claim that staff must read and agree to a new COVID-19 health policy or have information about layoffs. If this information is sent to you by an unfamiliar source and the domain looks different, get in contact with your employer to ensure you are opening and responding to a legitimate message.
Be Sure Before You Click and Download
If you’re receiving files or links from an unverified source, it’s recommended that you think before you click or download. The best rule of thumb is, if you aren’t sure, follow your gut feeling and avoid it. Links and downloads can lead to different types of viruses and malware that can expose personal information and give access to sensitive accounts to cybercriminals.
Phishing attacks will try to take advantage of your need for information and possibly your drive to help others. This may be in the form of a link or file claiming to contain a list of new coronavirus cases or other relevant information such as disinfection methods.

Identity Thieves Want You To Download Files
A good rule of thumb is to ask yourself whether you have an account with this company, or whether you know the person who is sending you the email. If you don’t know who they are or you don’t have an account with them, don’t open the file or click any links in the email. If you do know who sent you the email, or have an account, contact them directly using a phone number you know to be real. Confirm they sent you this message before downloading or clicking.
Use Trusted Sources like WHO and the CDC
When looking for the most up-to-date information about the coronavirus pandemic, be sure to use trusted and well-known sources like WHO and the CDC. If you choose to visit unfamiliar and untrustworthy websites, you increase the risk of picking up malware.
It is possible to pick up an Exploit Kit (a method of delivering malware to attack bank account information and more) from a website, even if you have antivirus and anti-malware protection.
Update Your Phone’s Software Regularly
Mobile software updates typically include important security components as well. By updating your phone’s software regularly, you are actively increasing your personal security and protecting yourself from phishing attempts. Be sure to take advantage of automatic software updates so you don’t miss out on any important changes and security features.
Staying Safe & Aware
If you think you’ve already been impacted by a phishing attempt, visit IdentifyTheft.gov for information about what to do. If you’ve recently received phishing attempts, you can visit the FTC’s website to issue a complaint and file a report.
It’s more important than ever to stay safe, both physically and virtually. Use these guidelines to help you protect yourself from phishing attacks. By having healthy online habits, you can feel a little more at ease during these difficult and trying times.