COVID 19 scam alert Evalian

COVID-19 cyber security scams to watch out for

June 16th, 2020 Posted in Information Security

We are living in a truly unprecedented moment of human history. The COVID-19 pandemic has affected every single country in the world and forced businesses to close, and entire communities face strict social distancing. Yet, as the world locks itself away, criminals have been highly active and coronavirus cyber security scams have emerged as a serious threat.

A joint study in 2020, between the National Cyber Security Centre in the UK (NCSC) and the US Department of Homeland Security (DHS) found a significant rise in coronavirus cyber crime. These cyber criminals are using the fear and anxiety that the pandemic has created to gain key personal or financial information from their victims.

Although cyber crime is not new, more people working from home on personal computers, using VPNs and away from the usual cyber security measures that they might have in their office, it has given criminals more chance. This has meant that everyone needs to be more aware of potential coronavirus cyber security scams.

Common COVID-19 cyber security scams

Cyber criminals are becoming increasingly more sophisticated, making it harder for individuals and businesses to recognise criminal attempts. Some of the most common scams that have been identified so far include:


Phishing is one of the biggest cyber security threats out there and involves scammers trying to secure personal information from victims or have them download dangerous malware to their devices. These phishing scams attempt to do this across multiple platforms, but the two most common to watch out for are via text messages or email.

Vishing & Smishing

These phishing emails or messages look incredibly sophisticated and believable. Since the pandemic began, cyber criminals have been making them appear to be sent from legitimate organisations, such as the World Health Organisation and the UK Government. The overall theme of these messages has revolved around furlough payments, false information and fraudulent alerts.

These emails are looking increasingly more realistic, often including the relevant logos. However, there are some key areas to watch out for, including coming from a suspicious email address or containing spelling mistakes. If you are unsure, visit the purported website directly via your browser rather than clicking any links in the message.

Fake website

Alongside phishing attempts, cyber criminals are playing on the fears surrounding the pandemic by establishing fake COVID-19-related websites. These sites are designed to secure valuable data, such as banking information, from their victims, and to do this, they claim to sell remedies and vaccines for the pandemic, or are pretending to retail fake testing equipment.

If you are unsure of the legitimacy of a website, look for the padlock symbol in the search bar or for the HTTPS prefix. Equally, you should check for the overall appearance of the site – if there are spelling errors or broken links, then this should be a warning sign. Alongside that, if the prices are far lower than anywhere else on the market, then chances are it is a scam.

Smartphone apps

Another common scam over the last few months has been targeting user’s smartphones. There has been an increase in the number of apps claiming to reveal the current spread of the outbreak. These criminals are targeting those worried about coming into contact with the virus by pretending they can track its spread.

However, this data is not publicly available, and what these apps really do is install dangerous malware onto the device, which can harvest personal information and even lock the user out until they pay a ransom.

Protect yourself

Coronavirus cyber security Scams are on the rise, and as the world gets used to working from home, protecting yourself and your business from cyber criminals is crucial. Awareness updates are critical. Consider employee phishing tests as part of your penetration testing programme and introduce a ‘drip’ awareness campaign with examples of scam emails received or links to information about scams. Remind people to be vigilant and train them to look for tell-tale signs of a phishing email.

Need help?

We understand the dangers cyber crime can pose to your business, so if you’re looking for a review of your procedures, or want to improve your security, get in touch with our friendly team today.


Phil Harris Evalian 250x250

Written by Philip Harris

Philip consults on data protection and acts as outsourced DPO for clients. He has a long history of working with innovative, technology led businesses and in technology licensing. He is experienced in building and supporting operational and compliance business functions, including HR, ICT, H&S and Quality Management Systems. Phil is also Operations Director at Evalian™. His qualifications include IAPP CIPP-E, ISO 27001 Lead Implementer, CIPD and APM. He also holds an MBA from Imperial College.