Help Your Employees Spot a COVID-19 Phishing Attack


Cybercriminals are taking advantage of a situation where most people are now working from home which might be less secure than the office environment, and there is heightened concern generally within the community over the pandemic.


These phishing emails and scam messages are likely to be impersonating the World Health Organisation (WHO), government agencies, financial institutions, telcos or other legitimate organisations.


Recent COVID-19 phishing examples include:

  • An SMS appearing to come from ‘GOV’ or ‘GMAIL’, with a malicious link to find out where to get tested for COVID-19 in your local area.
  • An email pretending to be from WHO, prompting you to open an attachment for advice on safety measures to prevent the spread of COVID-19.
  • An email offering recipients $2,500 (or similar sum) in ‘COVID-19 Assistance’ or ‘COVID-19 Relief’ payments if they complete an attached application form.



If the cybercriminal successfully tricks you into clicking on a suspect link or opening a malicious attachment, the damage could include theft of your online banking credentials or credit card information, installation of spyware or ransomware, and many more. See this Carbon Black analysis for more information.



To avoid being compromised, here is some advice to provide your employees:

  • As an important first step to protect yourself and your organisation, never click on a link or open an attachment in an email or text message from an unknown sender.
  • These links or attachments are commonly appearing as COVID-19 related documents, VPN clients, remote meeting software installers, mobile apps, shipping information, invoices or receipts – and they can appear with just about any file extension.
  • If the subject line, sender, email content, URL or attachment contains anything related to COVID-19 or coronavirus, be suspicious immediately.
  • If the message ‘appears’ to come from a known sender, such as the Australian Government or WHO, verify the sender by checking their actual email address. If still uncertain, then go to the official website for that organisation and search for information relating to COVID-19. Most will be displaying COVID-19 updates and links prominently on their home page.
  • If the message is purporting to offer a vaccine or cure for COVID-19, this is definitely fraudulent or malicious, because a vaccine or cure does not currently exist.
  • If the message is asking for a donation or your personal details, do not provide these unless you have verified who they are by following the steps above and conducting careful research.
  • Stay up-to-date on the latest advice with regards to COVID-19 and malicious online activity by going to the following government and NGO websites:




Further References

Mimecast – Coronavirus Phishing Attacks Speed up Globally

Carbon Black – Covid-19 Technical Analysis