Scammers are Exploiting Coronavirus Fears to Phish Users

March 9, 2020

Be aware: Do not click on COVID-19 links that come from unsolicited emails. 

Several Government (CDC, FTC) and World (WHO) organizations are reporting an increase in attackers posing as legitimate agencies trying to trick people into sharing their account access credentials or opening malicious email attachments. Attackers have also been sending emails that feed on concerns about COVID-19 to spread malware. More than 4,000 coronavirus-related domains have been registered since the beginning of the year. Of those new domains over three percent are considered malicious and another five percent are suspicious.

Examples include:

Fake Stimulus Checks 

Mar. 23. The FBI's Internet Crime Complaint Center (IC3) is warning users of a new ongoing phishing attack that uses fake government economic stimulus checks as bait to steal personal information from potential victims.

Be aware of phishing emails asking you to verify your personal information to receive an economic stimulus check from the government. Government agencies are not sending unsolicited emails seeking your private information in order to send you money.

Fake World Health Organization and Center for Disease Control Emails:

Coronavirus phishing email example #1
Coronavirus phishing email example #2

Fake Maps Hosting Malware:

Map of COVID-19 spread

Additional Scams:

Free Offers 

We advise caution when receiving unsolicited offers for free software. 

"Vendors (of a variety of reputations) are spamming distributed IT with “free offers”.  We are seeing an increase in emails with all manner of free offers.  In most cases, accepting them without any enterprise agreement, DUA, and other contractual instruments that we use to protect privacy, mitigate risk, ensure regulatory compliance (HIPAA, FERPA), and maintain ownership of University data and intellectual property is a liability.
There are a lot of vendors right now using the crisis as an opportunity to up-sell universities from free to paid offerings and/or to get our data and monetize it. Don’t take the bait."
- via Micronet listserv

For more information on these types of attacks: