Covid-19 related email scams to be aware of
The Covid-19 pandemic has transformed the way we live in the UK. Staying connected with family, friends and work colleagues has been more important than ever. In many ways it’s brought out the best in people; communities, for example, seek to help each other and provide support to the most vulnerable. As is often the case in times of crisis though, cyber criminals have seized on the opportunity to exploit people. They have preyed upon worries and uncertainties through a series of email scams, which have risen significantly as the pandemic has escalated.
Email scams are always a threat to be aware of, whether you’re working from home, ordering shopping online or simply catching up with loved ones. Some of the most common include phishing, where cyber criminals attempt to trick the recipient into giving away personal information like bank details. There’s also spoofing, where an email appears to be from a trusted source but actually leads the recipient to a URL containing malware or a further scam.
Cyber criminals are adapting age-old techniques in order to make their scams relevant to the current crisis. We want to help to ensure that you don’t fall victim to new and existing tricks. Our IT security experts at Cheeky Munkey run down some of the most common email scams to watch out for.
1. Fraudulent face masks
One of the most commonly reported phishing email scams to Action Fraud over recent weeks has involved fraudulent senders offering to sell face masks that reduce the risk of wearers contracting Covid-19. One victim has reported losing £15,000 to fraudsters after spending it on masks that were never delivered.
2. Important safety measures
As reported by the BBC, an email is sent claiming to be from the WHO (World Health Organisation) or a similar body. This email contains an attachment labelled as containing key safety measures to prevent the spread of coronavirus.
Once opened, the attachment releases malware used to track you online in order to subject you to further fraud. People seeking advice from the WHO are advised to disregard emails. Instead, look at the organisation’s website or social media channels.
3. Lists of infected people
This spoofing scam, also reported by Action Fraud, involves an email purporting to be from an authoritative government organisation, such as the WHO or (in US examples) the Center for Disease Control and Prevention.
The email offers you access to a list of local people in your area who have been infected with Covid-19. When clicked, the link leads either to malware or to a request for bitcoin payment.
4. Offers of a cure
An email, which has been circulating for a number of months now, claims to be from an unknown doctor whose name must remain confidential ‘for security reasons’. The email claims that the coronavirus outbreak is a deliberate population control measure, and that governments are covering up a vaccine.
It uses strong language such as this to induce fear in the reader. This is designed to pressure you into clicking on a malicious link, leading to information about a “cure for Covid-19”. Once clicked, the link takes you to a spoof website where you are encouraged to enter personal details.
5. Emergency tax refunds
HMRC has repeatedly assured people that it never sends notifications of tax rebates by email. These emails, however, continue to be a popular spoofing method which many fall for.
Another example, designed to exploit panic around the coronavirus, claims that the UK government has established a tax refund programme. This is supposedly in order to help people fund self-protection measures against Covid-19. Upon clicking a link “Access your funds now”, victims are taken to a fake webpage and asked to enter details.
6. Donation requests
Recipients are sent an email which claims to be from a government organisation or charitable body that is working to fight the coronavirus pandemic. The email asks for donations to assist with this fight and uses highly emotive and persuasive language, for example “you are a hero”, to convince you that the email is from a worthwhile cause.
If the reader then decides to donate, they are directed towards a fraudulent bitcoin payment link. Furthermore, there is no indication of where their money is actually being sent to.
7. The latest information on the virus
These email campaigns spread fake news about the coronavirus and are designed to exploit panic. They are targeted especially at people who are susceptible to believing what they read online.
One example claims to be from a government organisation stating that ‘the virus is now airborne’. This clearly preys on the fears of those who worry most about catching it by leaving their homes. It directs you to a fake login page in order to read further information. You are then asked to enter your email address and password, giving hackers control of your account.
How to avoid Covid-19 related email scams
In times of increased panic, it is more important than ever to be aware of cyber security and the threat of email fraud. Whether opening business or personal emails, it is important to take your time. Do not open or interact with anything you receive until you have evaluated it.
If you have opened an email and it makes any reference at all to coronavirus or Covid-19, be extra vigilant:
- Check the email address it has originated from by clicking on the sender name
- Hover the mouse over any links before clicking on them in order to see where they lead to
- Pay close attention to the wording of the email and any instances of poor grammar
- Look out for any use of generic language such as “dear Sir/Madam”. This suggests that the sender does not know you even if they claim to
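The first two checks in this list can also be automated. The Python sketch below is an added example, not part of the original article: it compares the display name with the sending domain and compares each link's visible text with the address it really leads to. The `KNOWN_SENDERS` list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a small allow-list of organisations and the domains they really use.
KNOWN_SENDERS = {"world health organization": "who.int", "centers for disease control": "cdc.gov"}
SAMPLE = (  # constructed phishing-style message, not a real sample
    'From: "World Health Organization" <advice@who-safety.example>\n'
    "Content-Type: text/html; charset=utf-8\n\n"
    '<p>Read <a href="http://who-safety.example/m">www.who.int/safety-measures</a></p>\n'
)

class LinkCollector(HTMLParser):  # collects (href, visible text): what hovering reveals
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_matches(host, domain):
    return host == domain or host.endswith("." + domain)

def triage(raw):
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    name, addr = parseaddr(str(msg.get("From", "")))
    sender_host = addr.rpartition("@")[2].lower()
    for claimed, domain in KNOWN_SENDERS.items():
        if claimed in name.lower() and not host_matches(sender_host, domain):
            flags.append(f"sender: name claims {claimed!r} but address is @{sender_host}")
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and not host_matches(host, re.sub(r"^www\.", "", shown.group(0))):
            flags.append(f"link: text shows {shown.group(0)} but leads to {host}")
    return flags
```

Calling `triage(SAMPLE)` returns one flag for the mismatched sender and one for the misleading link; a message with no flags is not thereby proven safe.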
If you have any doubt whatsoever about the legitimacy of an email, you should avoid interacting with it and report it. When using personal email, mark it as spam in your inbox. If you receive the email while you are working, raise it with the IT department in your organisation. However, if you are convinced that an email is legitimate, verify it with the sender. Do not reply directly; use another method such as a telephone call.