Spotting and avoiding online “phishing” scams

You are here:
< All Topics

“For malicious people, preying on collective fear and misinformation is nothing new. Mentioning national headlines can lend a veneer of credibility to scams. We’ve seen this tactic time and again, so it’s no surprise that COVID-19 themed social media and email campaigns have been popping up online.”

  • If an email sounds too good to be true, it probably is (“New COVID-19 prevention and treatment information! Attachment contains instructions from the U.S. Department of Health on how to get the vaccine for FREE”).
  • If an email demands urgent action from you, take a moment to slow down and make sure it’s legitimate (“URGENT: COVID-19 ventilators and patient test delivery blocked. Please accept order here to continue with shipment.”).
  • Check the sender’s email address. Are they who they claim to be? Check that their contact name matches the actual email address they’re sending from.
  • Try not to click or tap! If it’s a link and you’re on a computer, take advantage of your mouse’s hover to closely inspect the domain address before clicking on them.
  • Try not to download files from unfamiliar people. Avoid opening attachments from any external email addresses or phone numbers.
  • Get someone else’s opinion. Ask a coworker: Were we expecting an email from this sender? Or ask a friend: Does this email look strange to you? A good practice is to use a different medium to verify (for example, if you receive a strange email claiming to be your friend, try calling your friend over the phone to double-check that it’s from them).

Above tips taken from this blogpost, which “provides an overview to help you fight against phishing attacks and malware, examples of phishing messages we’ve seen in the wild related to coronavirus and COVID-19, and specific scenarios to look out for (such as if you work in a hospital, are examining maps of the spread of the virus, or are using your phone to stay informed).”

Table of Contents