We are living in unprecedented times. Bars, restaurants, schools, hair salons, and even places of worship are closed due to the outbreak of Coronavirus Disease 2019 (COVID-19). This global crisis has all the ingredients scammers love: an anxious population, demand for goods in short supply, vulnerable people at high risk, and tons of misinformation floating around on social media. Cybercriminals have wasted no time taking advantage of this golden opportunity to play on people’s fears or invoke feelings of charity.
Here are some of the email scams we’ve seen in the past several weeks.
Fake emails from the WHO
The following emails claim to be from the World Health Organization (WHO) offering details on free COVID-19 testing centers and a bogus coronavirus vaccine. However, these emails did not come from the WHO despite showing the “who.int” domain in the From address. These messages contain malicious attachments which could compromise the security of your network if opened.
The WHO is aware that their name is being used by scammers and provides information on their website about how to verify whether a communication is legitimate. The WHO will not email you unless you’ve signed up to receive their newsletter, and all legitimate links will start with “https://www.who.int/”.
The best advice is to visit the dedicated WHO site directly, or other national health sites such as the Center for Disease Control and Prevention (CDC) or the National Health System in the UK.
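The two checks described above (a “who.int” From address that the sender was never authorized to use, and links that do not actually point at https://www.who.int/) can be automated. The following is an added example, not part of the original post: the message is a constructed sample, the example.com and example.net hosts are placeholders, and it assumes your own receiving mail server stamps an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample (not a real capture): the visible From shows who.int,
# the receiving server recorded a DMARC failure, and one link uses a
# look-alike host that merely begins with "www.who.int".
SAMPLE = """\
From: "World Health Organization" <info@who.int>
Subject: Free COVID-19 testing centers
Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail header.from=who.int

Details: https://www.who.int.example.net/testing
Official site: https://www.who.int/emergencies
"""

TRUSTED_HOST = "www.who.int"  # legitimate links start with https://www.who.int/

def from_domain(msg):
    """Domain of the visible From address, lower-cased."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def dmarc_result(msg):
    """DMARC verdict from Authentication-Results, or None if absent.
    Only trust this header when your own mail server added it."""
    for header in msg.get_all("Authentication-Results", []):
        m = re.search(r"\bdmarc=(\w+)", header)
        if m:
            return m.group(1).lower()
    return None

def untrusted_links(msg):
    """Links whose parsed scheme and host are not exactly https://www.who.int."""
    bad = []
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        parts = urlsplit(url)  # compare the parsed hostname, not a substring
        if parts.scheme != "https" or parts.hostname != TRUSTED_HOST:
            bad.append(url)
    return bad

def assess(raw):
    """Flag mail that claims to be from who.int but fails either check."""
    msg = message_from_string(raw)
    claims_who = from_domain(msg) == "who.int"
    dmarc, links = dmarc_result(msg), untrusted_links(msg)
    suspicious = claims_who and (dmarc != "pass" or bool(links))
    return {"claims_who": claims_who, "dmarc": dmarc,
            "untrusted_links": links, "suspicious": suspicious}
```

On the sample, `assess(SAMPLE)` flags the message: the From domain is who.int, DMARC failed, and the first link resolves to a host under example.net rather than www.who.int.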
Exploiting charity and generosity
Other emails will pull on your heartstrings to scam you into donating money.
The Solidarity Response Fund is a legitimate fund operated by the WHO, but they will not ask you to pay with Bitcoin. Donations can only be made through the WHO site or https://covid19responsefund.org/
Financial assistance scams
If your business is hurting, you might be tempted to respond to this email purporting to be from the Gates Foundation offering financial assistance. If you give the scammers your personal information, they could withdraw money from your account or steal your identity.
Fraudulent offers for face masks
Face masks and other personal protective equipment are in short supply. These bogus emails claim to have life-saving products that you can’t find anywhere else. The links in these messages take you to a malicious website that could infect your computer with malware, or dupe you into giving away sensitive personal information such as passwords or credit card numbers.
Other Misinformation
Right now, people are searching for answers. Unsolicited emails that offer information on the coronavirus should be viewed with caution. One claims to “virus-proof your life” while another claims to provide a list of drugs to cure the disease.
Conclusion
All of the above emails take advantage of the current climate of fear and are designed to trick you into clicking a malicious link or opening an infected attachment. Fortunately, all of the above emails were blocked by MX Guardian and did not reach the intended recipients.
However, right now it’s more important than ever to remain vigilant to prevent this humanitarian crisis from becoming a cybersecurity crisis. Here is a list of things you can do to protect your business and your network security.
- Avoid clicking on links or downloading any attachments in unsolicited emails unless you’re absolutely sure the message is authentic. Communicate with the sender via other channels to verify the message is legitimate.
- Ignore communications that ask for sensitive personal information.
- Beware of emails that create a false sense of urgency or alarm.
- Look out for fraudulent charities or crowdfunding campaigns.
- Use a cloud-based email filter to block malicious emails before they reach your network.