Akamai Diversity

Akamai Security Intelligence
& Threat Research

COVID-19 Related Phishing: A Personal Viewpoint

Dealing with unforeseen challenges around the COVID-19 pandemic has impacted people around the world.  The overwhelming amount of news coverage for the coronavirus has created new opportunities for scammers and resulted in millions of  phishing attempts as confusion and misinformation have allowed threat actors to take advantage of vulnerable people, concerned for their health.

Threat actors send emails claiming to provide legitimate sources of information about the coronavirus.  These emails ask you to click on an embedded link, then enter your personally identifiable information (PII).  Or the email may claim to contain the latest COVID-19 statistics data in an attachment.  If you open the attachment, malicious software (malware) may be installed onto your computer.  The malware could allow the threat actor to control your computer or steal your information.  My own family has experienced this threat firsthand.

My brother was recently the victim of COVID-19 email scam.  He works with someone who was exposed to COVID-19 by a person who was hospitalized for a month.  My brother wanted to be tested to ensure he was not infected with COVID-19, since he helps take care of our elderly parents.  He also regularly sees family members, including kids aged 11, 8, 6, and 6 months old.  He could not get tested at his local pharmacies in CT due to high demand and shortage of test kits.  He also attempted to get tested in other states such as MA and NY; however, the test sites had no availability.  

My brother was frustrated by the possibility he could get other family members sick.  When he received an email from a seemingly legitimate medical company, claiming to sell an "FDA APPROVED" COVID-19 test kit online for $99 with shipping included, he clicked on the embedded link to purchase the test kit without hesitating.  The link asked for his PII, including full name, email, home address, phone number, and credit card number with the expiration date and CVV three-digit code.  Before he clicked "submit" and lost his personal information, he thought "this is too good to be true."  My brother started to call family members and ask if anyone has received similar emails.  We all said "no" and told him DO NOT CLICK on malicious links, report the email to the Centers for Disease Control and Prevention or Federal Communications Commission, delete the email, and empty the trash. 

Tips for recognizing and avoiding phishing emails

Is it possible to take steps to help protect yourself against COVID-19 related scams?  Yes, you can!  Here are a few suggestions for protecting yourself:

  • Beware of online requests for personal information:  A coronavirus-targeted email that seeks personal information, like your Social Security number or login information, is most  likely a phishing scam.  Legitimate government agencies won't ask for that kind of PII.  Never respond to an email requesting your personal data and delete it.  

  • Check the email address or link:  You should inspect embedded links by hovering your mouse over the URL to see where it leads.  Sometimes, it's obvious the web address is not legitimate because the link address isn't associated with the subject of the email or the company it claims to be from.  But keep in mind, phishers can create links that closely resemble legitimate addresses.  Delete it.

  • Watch for spelling and grammatical mistakesIf an email includes obvious spelling, punctuation, or grammar errors, it's a sign you've likely received a phishing email.  However, spelling errors aren't a foolproof indication of a phishing email, as many legitimate emails could use more proofreading.  Delete it.

  • Look for generic greetings:  Phishing emails are unlikely to use your name.  Greetings like "Dear sir or madam" is one more signal an email might not be legitimate.  Delete it.

  • Avoid emails that insist you act now:  Phishing emails often try to create a sense of urgency or demand immediate action.  The goal is to get you to click on a link and provide personal information -- right now.  You guessed it, delete it.

Where can I find legitimate information about the coronavirus?

It's a good practice to go directly to reliable sources for information about the coronavirus.  Government offices and health care agencies are a good place to start.

Here are a few of the best places to find answers to your questions about the coronavirus:

  • Centers for Disease Control and Prevention (CDC):  The CDC website includes the most current information about the coronavirus, including:

    • How the coronavirus spreads

    • Symptoms

    • Prevention and treatment

    • Cases in the U.S.

    • Global locations with COVID-19

    • Information for communities, schools, and businesses

    • Travel

  • World Health Organization (WHO):  WHO provides a range of information, including how to protect yourself, travel advice, and answers to common questions.

  • National Institutes of Health (NIH):  NIH provides updated information and guidance about the coronavirus, including information from other government organizations.

Additional resources: