Coronavirus - Phishing Mails are Trying to Exploit Fears

by Robert Best on February 12, 2020
Find me on:


The Coronavirus has been across the news since the first reported cases. WHO and other bodies have been proactive in offering advice on how to avoid contracting the virus. Sadly cybercriminals love nothing better than a crisis and have been trying to use that advice for their own gains.

This article is a warning about the most popular Coronavirus phishing emails and what to look for to avoid becoming a victim.

Fake CDC Alerts

Email security training platform KnowBe4 spotted this fake CDC scheme. Attackers enticed their victims with a list of infections in their area. To access the list and to find out if your area had any outbreaks you had to click a link. That link took you to a page designed to steal your credentials.

Once clicked the malicious link appears to go to the CDC website but then gets redirected to a domain used for phishing. There the victim is asked to enter their Outlook login details, which are of course stolen.

The attackers had mimicked emails sent out by the CDC Health Alert Network. The logo and email content were consistent with the email the CDC had sent out as a warning. The email encourages the victim to join the effort to help keep the virus at bay.

It is scary how realistic and well made the phishing email looks. It does a great job of copying the look and feel of the official alerts from the CDC. The email is designed to play on the concerns and the decency of the victims.

cdc fake email

Picture credit: Bleeping Computer

Faked emails from Wuhan

This phishing campaign has been targeting victims in the UK and US. It pretends to be from Wuhan medical specialists and claims to offer advice on dealing with the virus. The email contains a few of the common symptoms of the Coronavirus and the has an attachment that allegedly contains important medical advice.

The email prompts its victims to download the attachment by including the note "this little measure can save you." By downloading the PDF attachment the victim is at risk of infecting their computer with malware.

The scheme was first spotted by Mimecast, an email security service. The email is designed to prey on the panic being caused by the spreading virus.

coronavirus scam

Picture credit: Bleeping Computer

Spreading Malware

This third phishing scam is designed to infect your device with the Emotet strain of Malware. Emotet is a specific kind of malware that was designed as a Trojan aimed at stealing financial data.

The scheme follows a familiar pattern where the victims are tricked into clicking a malicious link. The reader thinks they are clicking to get information on mandatory regulations for protection against the Coronavirus. Instead, they are delivered the Emotet payload when they click the link. Emotet is extremely stealthy and very hard to remove.

These are just 3 examples and there are sure to be plenty more phishing attempts that use the concerns over the Coronavirus. Phishing emails are designed to prey on human behaviour and the fear, concern and sheer panic caused by the deadly outbreak of a virus is perfect for phishing emails.

It is important to stay vigilant with your emails. Attackers are not above using human suffering to deliver their attacks they might be there most effective phishing schemes.

How to stay safe from the Coronavirus phishing scams

You can find advice on how to spot phishing emails here but here is some specific advice for Coronavirus phishing emails.

Always inspect the link

Hover your mouse over the link to see where it will take you. This is especially recommended if you receive a direct message or something unexpected.

Don't enter account details

You should never enter any account credentials when you are redirected to a page from an email. Close the tab and find the genuine website and find the page you need there. That way you can be sure it is legit.

Just because the address looks legit doesn't mean it is

Not exactly a catchy heading but important none the less. It is very easy for attackers to spoof an email address to appear trustworthy. Keep your guard up no matter how legit the email address seems.

Don't act on impulse

Beware of any email that tries to make you act on impulse or arouses strong emotion. This is harder because some very good sales emails can do this (and I was this close to going to the Superbowl because of one!) but that is also what phishing emails prey on. So don't let impulse or emotion take over and follow the email security tips.


This article isn't trying to sell you anything it is just a warning that cybercriminals are using a distressing situation to cause more harm. Please take care with any email you may receive about the Coronavirus and any other email to that matter.

the definitive guide to social engineering and phishing

Join The Conversation

Please leave your comments below

Customer support

Recent Posts

Popular Posts