How to spot Covid-19 phishing and ransomware attacks

Malware, ransomware, scams, and identity theft are exploiting fear and health concerns for personal gain

NOTE: This post was originally published on April 7, 2020

Spring is normally the time when tax-related phishing scams spike, as spurious emails promise tax rebates to unwitting recipients. This year, the seasonal scam has taken an insidious turn.

Phishing attacks relating to Covid-19 shot up by 667% in March compared to February. These attacks have taken different forms, from phishing emails that claim the recipient has been in close contact with someone who has Covid-19 to malicious apps and documents that purportedly have information about the pandemic but install malware on your device.

Hospitals, which are no stranger to ransomware, have also been targeted, which has forced at least one hospital to shut down and relocate patients. Worse yet, the hospital, Brno University Hospital in the Czech Republic, was carrying out Covid-19 testing.

It seems like these phishers have hit a real sweet spot. People staying and working at home means they might not be working under the same online security protections usually provided by their office network. Compounding this with the fear, stress, and uncertainty the pandemic has brought means that people are also more prone to falling victim to these attacks.

How to spot a phishing attack: a quick checklist

We’ve previously written about how to defend against phishing attacks, but here’s a quick checklist of things to look out for in an email that you suspect is a phishing scam.

  • Is the email unexpected? Is the email addressed to you by name? Can you verify the authenticity of the domain it is coming from, e.g. is it a domain ending in .gov or your local equivalent? While the WHO is not taking care of its own cyber hygiene, neither it nor the CDC sends out email campaigns to the public.
  • Does the email appear fake or unofficial?
  • Are there typos or grammatical and punctuation errors?
  • Does its message require urgent action from you, either to click a link or to fill in personal information?
  • You can also use Google’s Messageheader inspection tool: paste the raw email into the site to help verify its authenticity.

If you can answer yes to any of these questions, the email could be a phishing attempt. If something seems off, it probably is. Mark it as spam and delete it from your inbox. Do not reply, click any links or download and open attachments.
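As an added illustration (not code from the original post), the checklist above can be turned into a small triage script: it parses a raw email, checks the sender domain, the Reply-To mismatch, whether you are addressed by name, the SPF/DKIM results a header tool would show, and urgent wording. The message and the domains in it are constructed for the example, and the list of "official" domain suffixes is an assumption you would adjust for your country.

```python
import re
from email import policy
from email.parser import BytesParser

# Constructed sample modelled on the Covid-19 lures described above.
# The sender, Reply-To and domains are made up; they are not real indicators.
SAMPLE_RAW = b"""From: "CDC Health Alert" <alert@cdc-update.example>
Reply-To: collect@unrelated.example
To: undisclosed-recipients:;
Subject: URGENT: You have been in close contact with a Covid-19 case
Authentication-Results: mx.example; spf=fail smtp.mailfrom=cdc-update.example; dkim=none
Content-Type: text/plain

Please click the link immediately to confirm your personal information.
"""

URGENCY = re.compile(r"\b(urgent|immediately|act now|within 24 hours)\b", re.I)
# Assumption: suffixes you treat as official; .gov for the CDC, .int for the WHO.
TRUSTED_SUFFIXES = (".gov", ".int")


def _domain(addr_header) -> str:
    """Return the lower-cased domain of the first address in a header value."""
    m = re.search(r"@([\w.-]+)", str(addr_header or ""))
    return m.group(1).lower() if m else ""


def triage(raw: bytes) -> list:
    """Apply the checklist to one raw message and return the red flags found."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    flags = []
    from_dom = _domain(msg["From"])
    if not from_dom.endswith(TRUSTED_SUFFIXES):          # not an official domain
        flags.append(f"sender domain {from_dom!r} is not an official domain")
    reply_dom = _domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:              # replies go elsewhere
        flags.append(f"Reply-To domain {reply_dom!r} differs from From domain")
    to_hdr = str(msg["To"] or "")
    if not to_hdr or "undisclosed" in to_hdr.lower():    # not addressed to you
        flags.append("not addressed to you by name")
    auth = str(msg["Authentication-Results"] or "").lower()
    if "spf=fail" in auth or "dkim=fail" in auth:        # receiving server's checks
        flags.append("SPF or DKIM check failed")
    body = msg.get_body(preferencelist=("plain",)).get_content()
    if URGENCY.search(str(msg["Subject"] or "")) or URGENCY.search(body):
        flags.append("urgent call to action")            # pressure to act now
    return flags
```

Run `triage(SAMPLE_RAW)` to see all five flags raised for the constructed lure; a benign message from a .gov sender with passing SPF returns an empty list.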

Be especially careful with companies that you interact with regularly—brand impersonators and imposters are rampant, so err on the side of caution. It can feel tedious, but tedium is better than the costly alternative. When in doubt, find a secondary channel to verify the authenticity of the email, such as by phone, social media or instant messenger.

These scams don’t always take the form of an email. If you receive a text message or a shared link from a friend or family member that encourages you to download a new coronavirus app, or to donate to a charity that only accepts Bitcoin, Venmo or PayPal, you should refrain from replying.

Going directly to the source of what you’re looking for, be it a dashboard showing the number of cases, or a website containing the latest guidance from your country’s respective health authority, is one way to avoid clicking on malicious email links.

Ceinwen focused on digital privacy, censorship, and surveillance, and has interviewed leading figures in tech.