Coronavirus increasingly used for phishing scams

Scammers are using the recent Omicron surge as bait in phishing attacks. These new phishing campaigns often use official-looking emails about the Coronavirus to get people to provide their email addresses, personal information, and passwords.

In one example, the attackers promised to provide a list of the area’s active infections to trick potential victims into clicking a link in the message leading to a page designed to steal their credentials.

In another phishing email, the attackers tried to pass as an official alert message from the Centers for Disease Control and Prevention (CDC).

Coronavirus scams have taken many forms, including:

  • Alerts from local or national health organizations about local Omicron cases.
  • Updates from an employer about policies or procedures to address the risk.
  • Emerging information about protecting yourself, your children, or your community.
  • Charitable appeals to help Coronavirus victims.

Here are some tips to help you keep the scammers at bay:

  • Don’t click on links from unknown sources. This could download harmful malware onto your computer or device.
  • Go directly to the source for the most up-to-date information. Visit the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO) official websites.
  • Do your homework before donating to a charity or a crowdfunding site. If someone wants donations in cash, by gift card or by wiring money, don’t do it.
  • Beware of “investment opportunities” for emerging Coronavirus cures, tests, or treatments. The U.S. Securities and Exchange Commission is seeing an increasing number of false online claims of Coronavirus-related stocks that are about to dramatically increase in value.
  • Shop around. Scammers often overcharge for health-related products or their shipping costs, or send counterfeit items, so always comparison shop.

ITS will continue to simulate phishing and assign training to those most susceptible. If you believe you’ve been targeted by phishing, see Reporting a Phishing Message (How-to).

—Chris Mielke, ITS