Symptoms of a COVID-19 scam

Posted by Gemma Sirett on April 1, 2020

Like the virus itself, scam emails claiming to be related to coronavirus are everywhere and spreading fast, preying on the public’s panic and an insatiable hunger for the latest information, government guidance, death toll, and news of infected celebrities.

There’s nothing new about the techniques being adopted by threat actors here, but then again, these aren’t normal circumstances. Where only a few months ago you’d have automatically deleted an ‘URGENT: CLAIM YOUR HMRC VIRUS RELIEF FUNDING NOW’ email because it’s clearly spam, uncertain times make people desperate for all the help and guidance they can get. For those who are currently out of a job because of the restrictions, emails like this can be seen as a welcome lifeline that they’re more than happy to comply with. Threat actors are all too aware of this, and see it as an easy way to get the personal and financial information that might otherwise require more subtlety and skill to obtain.

So in these panicked times where the general public isn’t functioning with quite the same level of online vigilance as it once was, here are five key tell-tale signs of a scam to look out for in every email you receive, especially those that claim to relate to COVID-19.

  1. It’s sent from a public domain
    You’re never going to be sent legitimate pandemic control advice from coronavirus.info@gmail.com. Real companies have their own domain, so always check the email is from who it appears to be from – look at the email address itself, not just the displayed sender’s name.
  2. The email address is misspelled
    HMRC sending you information on how to claim virus tax relief from the domain hrmc.gov.uk? Nice try. It’s a trivial task for attackers to create a new domain that looks almost identical to the real deal, but with a substituted letter or small misspelling that would go unnoticed at a glance. Always double check the spelling of the domain the email claims to be from.
  3. It’s not exactly Shakespeare
    Unlike targeted, well-researched spear phishing emails, blanket scam emails sent to thousands of people in a hurry are often poorly written with questionable grammar. All the words might be spelled correctly but more often than not, there will be syntactical and grammatical errors peppering the email text that will give it away.
  4. There are dodgy extras
    Does the email have an attachment or link that feels suspicious or unnecessary? Curiosity will not do you any favours here. Why would pandemic mitigation advice be in an attachment, not the body of the email? Why doesn’t the link URL match the domain of the company the email claims to be from? And why do they need you to log in? Is this VPN installer you’re being told to download actually from your IT department? Red flags aplenty and you know it.
  5. It’s urgent
    The only urgent thing about coronavirus is the need to stay at home, wash your hands, and maintain social distancing. And that’s not even urgent any more, it’s common knowledge. Asking users to act now before it’s too late is an obvious route to go down with COVID-19 advice, because it preys on the public’s heightened panic and desire for instant gratification and answers.
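Signs 1, 2, 4 and 5 can also be checked mechanically before an email reaches a person. The sketch below is an added example, not something from the original post: the domain lists, the urgency phrases, the function names and the sample message are all constructed for illustration, and sign 3 (poor writing) is left to the human reader.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Illustrative lists (assumptions, not from the post); tune them for your own organisation.
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
TRUSTED = {"hmrc.gov.uk", "nhs.uk", "who.int"}
URGENT = re.compile(r"\b(urgent|act now|immediately|before it'?s too late)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def scam_signs(raw):
    """Return the tell-tale signs found in a raw, single-part, plain-text email."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))  # the real address, not the display name
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    signs = []
    if domain in FREEMAIL:  # sign 1: sent from a public domain
        signs.append("public-domain")
    # Sign 2: close to a trusted domain but not identical, e.g. swapped letters.
    if any(0 < edit_distance(domain, t) <= 2 for t in TRUSTED):
        signs.append("lookalike-domain")
    # Sign 4: links that lead somewhere other than the sender's own domain.
    for url in re.findall(r"https?://[^\s<>]+", body):
        host = (urlparse(url).hostname or "").lower()
        if host != domain and not host.endswith("." + domain):
            signs.append("link-mismatch:" + host)
    if URGENT.search(msg.get("Subject", "") + " " + body):  # sign 5: pressure to act
        signs.append("urgency")
    return signs

# Constructed sample message; relief-claims.example is a placeholder host.
SAMPLE = """From: HMRC Relief <support@hrmc.gov.uk>
Subject: URGENT: CLAIM YOUR HMRC VIRUS RELIEF FUNDING NOW

Claim you're relief at http://relief-claims.example/login before it's too late.
"""

if __name__ == "__main__":
    print(scam_signs(SAMPLE))
```

A score like this is a triage aid: a clean result does not make an email safe, and a legitimate message can link to a third-party domain.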

It’s human nature to care more about information we can personally relate to. It’s also a strange quirk of human nature that we’re fascinated by disease and death. It didn’t take long for cyber attackers to exploit this morbid curiosity by weaponising a map showing the numbers of coronavirus cases across the world as a means to distribute malware when opened. Of course you’d want to know if your neighbours had a highly infectious and potentially deadly virus, wouldn’t you?

Anatomy of a coronavirus scam email

Keeping yourself safe from email scams

Impersonating authoritative bodies we should all be taking advice from at this unusual time – i.e. the government, NHS, and WHO – is a simple attack method that’s unfortunately very effective. Here are three ways you can keep yourself safe from those looking to capitalise on fear and doubt:

  1. Be suspicious. Of everything
    Being cautious never caused a data breach.
  2. Be careful what you click, especially shortened URLs
    If you can’t see the full destination of a URL, how can you be sure it’s legitimate and safe?
  3. Downloading something for work? Ask your IT team first
    Your IT department would much rather you check a legitimate download with them than risk downloading malware.

There are cyber attackers out there who are more than happy to profit from COVID-19 and the public’s collective fear and panic about it. Don’t make it easy for them – keep yourself as safe online as you are in person.

And yes, we are fully aware how similar our name is. Thanks for pointing it out.