5 Tips for Avoiding Coronavirus-Related Phishing Emails

This woman is skeptical about misspellings in her emails, and you should be, too.
This woman is skeptical about misspellings in her emails, and you should be, too. / fizkes/iStock via Getty Images

While you’re sorting through all the corporate responses to the new coronavirus, work-from-home directions from your manager, and various other updates in your email inbox, keep an eye out for phishing attempts, too.

According to Consumer Reports, many of the emails look like they’re coming from the World Health Organization, the Centers for Disease Control and Prevention, or even your own company’s human resources department, and they contain everything from requests for charity donations to information about a possible vaccine.

A lot of them ask for log-in credentials, which cybercriminals can use to reset passwords to your financial accounts and even gain access to corporate computer systems—especially since so many employees are working remotely and might be using personal computers to access company networks. Others ask users to download software to help find a cure for COVID-19; when installed, that malware could release a virus that tracks all your computer activity.

To avoid falling victim to these types of scams, here are some key tips.

1. Look for spelling errors.

Misspellings either in a URL or in the body of the email itself can indicate a phishing attempt. Before opening any email message, hover over the sender's name to reveal its origin. “Corronaviruss.com,” for example, is probably not a reputable site, and an error in an HR rep’s subject line might be more than just a typo.

2. Question the plausibility of the content.

Be skeptical about strangely-worded messages, requests for money, or notifications about miraculous scientific advancements that don’t match what you’ve heard on the news.

"If you are promised a vaccine for the virus or some magic protective measures and the content of the email is making you worried, it has most likely come from cybercriminals," Tatyana Shcherbakova, an analyst for the cybersecurity company Kaspersky, told Consumer Reports.

3. Don’t click on links or attachments.

Hover your cursor over a link to see the full URL. If the URL seems to be directing you to a retailer you recognize, Google the retailer yourself to see if the URL matches the one in the email. Attachments might contain viruses, so it’s best to avoid them altogether unless you’re absolutely positive that it’s coming from a reputable source.

4. Avoid entering personal or financial information.

It’s a red flag if someone wants you to share account numbers, credit card numbers, wire transfers, or log-in credentials via email or on an unsecured website. Even if you’re familiar with the organization sending the email, it could be a clever imitation. Instead of clicking through to the website from the email, search for it in your internet browser.

5. Take advantage of antivirus software and security tools.

“When people are distracted, concerned, and extremely motivated to get information, you can’t count on them to notice things they might have in calmer times," Eric Howes, a principal researcher for the cybersecurity company KnowBe4, told Consumer Reports.

But cybersecurity tools can be a second set of eyes for you. Companies like McAfee and Norton, for example, offer browser extensions that alert you when you try to visit a risky site, and antivirus software programs can protect against malware.

[h/t Consumer Reports]