CoVid-19 phishing scams are on the rise — what to know


No event in living memory (unless you’re 106 years old) has impacted daily life across the globe as completely and deleteriously as CoVid-19. The coronavirus and its disease have upended every facet of daily life for basically everyone in this country. Every child is home schooled now; every office is at home unless you’re an essential worker (our thoughts, thanks and prayers go out to all of you!). With confusion and disruption swirling, scammers have gone to work with renewed vigor: CoVid-19 phishing schemes have grown from 1,188 in February to 9,116 in March — a 667% increase, according to research from Barracuda Networks. So what can you do to protect yourself and your business?

What to watch out for

CoVid-19 phishing scams primarily fall into four categories of attacks: scamming, brand impersonation, blackmail and business email compromise. The FBI released a public service announcement dealing with many of the most seen scams. Their top two recommendations?

  • “Look out for phishing emails asking you to verify your personal information in order to receive an economic stimulus check from the government” — the IRS will either mail you a check directly or direct deposit into whatever bank account you paid taxes from (or into which you received your refund) last year. The IRS has whatever information they need on you already, there’s no universe in which they’d need something confirmed through an email solicitation.
  • “Watch out for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other organizations claiming to offer information on the virus. Do not click links or open attachments you do not recognize” — this is particularly nefarious as people are terrified of the virus, and there has been a deluge of conflicting information in the public sphere. Even the top scientists in the country have changed their recommendations over the course of the pandemic, so it’s normal to seek out new information (especially from the main source of verified information, the CDC). BUT, if you want the most up-to-date information from the CDC, go to their website. Do NOT click on any links or download any files from an unsolicited email

When it comes to scams, Barracuda said most were aiming to sell coronavirus cures or face masks or the like. The other most popular attack was asking for donations to non-profits or government agencies that don’t really exist.

What to do as a business owner

To keep you and your employees, your network and your data safe, here are some pointers to keep safe in this unprecedented time:

  • Install robust endpoint security on all company devices
  • Give all employees access to a VPN to help protect data wherever they are
  • Implement measures to back up and centralize data saved on local drives when your workers are remote
  • Create a data backup process for data availability at alternate business locations when the main office is closed
  • Fully vet any collaboration tools you plan on using to connect (Zoom, Skype, etc.) for security vulnerabilities
  • Use a solution that includes device monitoring, tracking, and remote erase functionality so lost or stolen devices can be located or wiped
  • And finally, educate your employees! Humans are almost always the point of failure in security protocols, so make sure your employees are well-educated about what to watch out for