Please ensure Javascript is enabled for purposes of website accessibility

Phishing scams in the time of COVID-19

niedzialkowski-col-sigBeyond the obvious health and economic dangers associated with COVID-19, the coronavirus pandemic has ushered in a virtual onslaught of online scams. Google reports that during the week of April 13 alone, it identified over 18 million daily malware and phishing emails related to COVID-19 scams, on top of more than 240 million daily spam messages related to the novel coronavirus.

Using both fear and financial incentives to convince users to respond, these scams run the gamut, from impersonating various government agencies to soliciting donations to pretending to have information about government stimulus payments.

Of particular concern with so many people working remotely from their homes are phishing scams. Using a combination of phone calls, emails, bogus websites, and text messages, these scams typically enable cybercriminals to take control of your computer, log your keystrokes, or access sensitive personal information and financial data.

Coronavirus-related phishing emails can take on a variety of different forms. Cybercriminals, for example, have sent phishing emails designed to look like they are from the U.S. Centers for Disease Control  and Prevention, falsely claiming to link to a list of coronavirus cases in your area.

Phishers have sent emails that offer purported medical advice to help protect you against coronavirus. Scammers have even targeted employees’ workplace email accounts, claiming to provide updated company policies with respect to coronavirus.

What to watch for

To protect yourself from phishing scams — particularly at a time when so many of us already feel vulnerable due to the COVID-19 scare – it is essential to learn about the methods cybercriminals use and the signs that indicate you may be a potential victim.

With more people than ever checking in on social media channels, it is important to resist the temptation to click on ads posted by scammers that claim to offer a treatment, cure, or just more information about COVID-19. Doing so could potentially download malware onto your device. You might also end up buying a product that is useless. Meanwhile, you have shared personal information, including your credit card number.

Online requests for personal information should always be avoided. An email that seeks confidential information such as Social Security numbers, passwords, or financial information, is likely a phishing scam.

Legitimate organizations will never request sensitive information via email or phone, and most banks and credit unions won’t ask for your information unless you are the one contacting them.

It is equally important to avoid emails that insist you act immediately or use other intimidation tactics, such as threatening to disable an account or delay services until you update certain information. The goal of such phishing emails is to get you to click on a link and provide personal information immediately. Instead, delete the message.

Some tipoffs

Generic greetings or grammatical errors are other potential tipoffs to a phishing email. The email often looks legitimate and may begin with “Dear Sir/Madam.” Look carefully for typos, misspelled words, or a contact address that doesn’t match the company that supposedly originated the email.

Also avoid emails from a bank or other organization with which you don’t have an account. All of these represent red flags that you may be the target of a phishing scam.

Next, never use links in an email to connect to a website unless you are absolutely sure they are authentic. Instead, open a new browser and type the URL directly into the address bar.

If you receive an email from a friend with just a link, be wary, inspect it, and ask your friend what the intent was before agreeing to click on the link.

You can inspect a link by hovering your mouse over the URL without clicking, to see where it leads. While it can sometimes be obvious that the web address is not legitimate, phishers are good at creating links that closely resemble legitimate addresses.

Finally, it is always important to treat email attachments with caution. Email attachments are commonly used by online scammers to sneak a virus onto your computer. These viruses can help the scammer to steal important information from your computer, even if you don’t provide that information directly.

And never submit confidential information via forms embedded within email messages. Senders are often able to track and capture any information that is entered.

Bottom line: Your security is important, particularly in these uncertain times. As a result, it is essential to educate yourself so that you avoid becoming the next victim of these often very convincing phishing scams.

Tonia Niedzialkowski is executive vice president, chief operating officer at Point Breeze Credit Union. She can be reached at