How to Detect and Protect Yourself from Phishing Attacks in Times of Coronavirus

ElevenPaths    20 March, 2020
How to Detect and Protect Yourself from Phishing Attacks in Times of Coronavirus

The overinformation caused by the huge amount of news we receive about coronavirus makes it harder to distinguish true from fake emails. This poses a great risk to people’s security, since it can lead them to download malware that cyber attackers may exploit to access their victim’s data and steal their identity, causing economic and even health catastrophes. In the worst-case scenario, a phishing email could have serious consequences.

The number of those affected by COVID-19 is shocking and it is increasing every day. We all know that this disease is causing dire social and economic consequences worldwide, so we must follow the recommendations and impositions of the authorities to try to stop its spread. In the same way, we must take measures to protect ourselves from cyberthreats that may also impact on us individually and collectively.

Types of Phishing Emails on Coronavirus

Phishing emails about coronavirus, like those about any other topic, may have different forms:

  • Alerts from the Ministry of Health. Cybercriminals send emails impersonating legitimate organizations (government organizations, healthcare organizations, large companies, etc.) and including, for instance, a URL with a list of coronavirus cases in your region. Do not click on the link and delete the email!
  • Emails containing health tips. Phishers also offer supposed tips or solutions to protect ourselves against coronavirus. These emails may claim to be Chinese medical experts, where the coronavirus outbreak began, for example.
  • Emails about work policies. It is possible to receive phishing emails, not only in your personal email account, but also in the corporate one. Attackers may impersonate a well-known company or even the company you work for. In this case, check the sender’s domain because the link may contain malware.

Tips for Detecting and Avoiding Phishing Emails

  • Be very careful when asked for personal information online. Government institutions do not ask for social security numbers or other personal data just like that. Never reply to these emails or share any kind of personal information.
  • Other phishing emails are advertisements that claim to have a treatment or cure for the coronavirus. Typically, these ads try to trigger a sense of urgency, with limited offers or even setting a time limit to get the products. What you must do is simple: delete them, because if you click on them two things may happen:
    1. Download malicious software on your device.
    2. Buy the product and not receive it, that is: your money as well as and your personal information (such as your name, address and credit card) are stolen.
  • Analyze how they address you. Phishing emails are usually sent massively, so they do not usually use your name or are personalized in terms of content. Generic formulas like ‘Dear Sir or Madam’ suggest that you are probably facing a scam.
  • Check the links and email addresses. To inspect a link, mouse over the URL and a box will appear showing the site you are going to be redirected. As for the email addresses, look carefully at everything they contain and examine the domain (what goes after the “@”), look it up on the Internet, etc.
  • Pay attention to spelling and grammatical mistakes. It may seem silly, but usually legitimate emails do not contain any grammatical mistakes or misspellings, or very few. If you find too many mistakes, delete it.

Where to Find Reliable Information about the Coronavirus?

Always go to government’s and certified health institutions’ portals. Be selective when searching for information, contrasting it. The Spanish Ministry of Health has set up a portal to provide information about the coronavirus: https://www.mscbs.gob.es/profesionales/saludPublica/ccayes/alertasActual/nCov-China/home.htm

(The information below only applies to Spain)

You can also find a section on the website of your autonomous community to find out about the specific measures that are being implemented in your region.


Bear in mind that if you are a Movistar client you can activate Conexión Segura here, a service developed by ElevenPaths and Telefónica España together with McAfee and Allot. This service blocks, instantly and preventively, malware and fraud threats you may encounter when surfing the net with your devices.

Leave a Reply

Your email address will not be published. Required fields are marked *