As with any crisis that draws a great amount of media coverage, consumers should be on alert for fraudsters who may try to take advantage of them during the coronavirus pandemic. One common fraudulent activity related to COVID-19 is fraudsters sending phishing emails in an attempt to steal personal information or request money.
How it works
Cybercriminals send emails claiming to be from legitimate organizations with information about the coronavirus. If you click on the attachment or embedded link, you’re likely to download malicious software onto your computer or mobile device. The malicious software (aka malware) could allow cybercriminals to take control of your computer, log your keystrokes, or access your personal information and financial data, which could lead to identity theft.
Coronavirus-themed phishing emails can take different forms, including:
- CDC or government alerts. These are emails designed to look like they’re from the Centers for Disease Control, the U.S. Government, or your state or local government, which falsely provides a link to coronavirus information.
- Health advice emails. Phishers have sent emails fraudulently appearing to be from legitimate sources offering medical advice to help protect you against the coronavirus. The email may contain a link asking for personal information.
- Trusted source emails. The email may appear to be from your employer, financial institution, or another business you trust. Fraudsters can copy logos and send emails with “important information” regarding your account or workplace policy.
With any suspicious email where you don’t know the sender and/or hyperlinks or attachments are included, you can follow good security practices to help reduce the likelihood of falling victim to phishing attacks:
- If you suspect deceit, hit delete.
- Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your Social Security number or financial institution login information is a phishing scam. Legitimate businesses and agencies won’t ask for that information. Never respond to the email with your personal data.
- Check the email address or link. You can inspect a link by hovering your mouse pointer over the URL to see where it leads. Sometimes, it’s obvious the web address is not legitimate. However, phishers can create links that closely resemble legitimate addresses. Delete the email.
- Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it.
- Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.
- Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information — right now. Instead, delete the message.
We’re all taking plenty of precautions to protect our health amid coronavirus concerns — and that should go for your online health, as well. By practicing a few smart security practices, you can feel more confident in your online safety.
Learning Center articles, guides, blogs, podcasts, and videos are for informational purposes only and are not an advertisement for a product or service. The accuracy and completeness is not guaranteed and does not constitute legal or tax advice. Please consult with your own tax, legal, and financial advisors.