
RE: COVID-19 scams — How to spot and stop coronavirus email attacks

Jason Sattler

09.04.20 3 min. read


Fear works. But so does expectation, familiarity, authority and urgency. Cyber criminals know that you are expecting emails relating to COVID-19. By mimicking a familiar authority, using urgency and exploiting the globally felt fear due to the current health emergency, criminals can increase the effectiveness of their email attacks.

Malicious actors may use existing, real materials as bait to encourage people to perform a risky action such as clicking a link or opening an attachment. It is critical that users look at the sender of an email and examine any links contained within it before taking action. If at all unsure, users should report it.

Ask yourself three questions

It is important to ask yourself three key questions when you receive any email:

“Was I expecting this?”

“Is it asking me to do something?”

“Do I trust the sender?”

If, after asking these questions, you have any suspicion, it is always better to report the email or contact a trusted person or department to check it. Even if it seems urgent, it is better to be slow and safe than to respond quickly and recklessly.

Times of crisis often lead to actions out of the ordinary and sometimes to decisions being taken at speed. These in turn might lead people to take a risk where they otherwise might not. Malicious actors can use these situations to develop a sense of urgency within the user or to play on their existing fears and anxieties. Unfortunately, at times when cognitive overload is common, we have to be extra careful during day-to-day activities.

How they get you

F-Secure created this one-page guide to coronavirus email attacks to help you prepare to face your inbox with confidence.


According to research from F-Secure’s Tactical Defense Unit, spam is an incredibly common way to spread malware. Unit head and F-Secure Vice President Christine Bejerasco hosted a webinar on how attackers are using the pandemic to entice people to click. A favorite tactic is to hide executables in archive files attached to emails. Here’s a list of extensions to watch out for (in addition to PDFs and Office documents, which are also incredibly common).
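For mail administrators, the archive tactic described above can be checked for automatically. The following is an added example, not code from F-Secure: it opens ZIP attachments of a message and flags executable members. The extension set, the function names and the sample message are assumptions made for illustration, and only ZIP archives are inspected.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed watch list for illustration; it is not the list from the article.
RISKY_EXTENSIONS = (".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".jar", ".lnk")


def risky(name):
    """True when the final extension is on the watch list (catches 'x.pdf.exe')."""
    return name.lower().endswith(RISKY_EXTENSIONS)


def scan_message(raw_bytes):
    """Return findings for attachments that are, or contain, executables."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if risky(name):
            findings.append(f"{name}: executable attachment")
        # Detect ZIP by content, not by file name, so a renamed archive is still opened.
        if zipfile.is_zipfile(io.BytesIO(data)):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as archive:
                    for info in archive.infolist():
                        if risky(info.filename):
                            findings.append(f"{name}: contains executable {info.filename}")
            except zipfile.BadZipFile:
                findings.append(f"{name}: unreadable archive")
    return findings


def build_sample(member="COVID-19_guidance.pdf.exe"):
    """Constructed sample: a message carrying a ZIP with one harmless placeholder member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member, b"constructed placeholder bytes")
    msg = EmailMessage()
    msg["From"] = "updates@example.com"
    msg["Subject"] = "Updated COVID-19 procedures"
    msg.set_content("Please review the attached guidance.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="guidance.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print("\n".join(scan_message(build_sample())))
```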

And they’ve also spotted these real world examples of common attack angles that criminals have been using as part of their evolving efforts to capitalize on interest in COVID-19.

Internal Updates

Criminals may try to target your company specifically with emails that impersonate intercompany communications appealing to your diligence as an employee. Often the content will focus on new procedures or precautionary changes as a result of the Coronavirus outbreak.

External Updates

Who wouldn’t listen to the World Health Organization during a pandemic? External updates play on the trust you have in third-party organizations.


Many of us just want to do good right now and scammers will even exploit that urge with fake charity solicitations.


Personal Gain

Given the economic shock that is following the virus around the world, we have to expect that emails that appeal to economic need or greed will only increase.

Can you tell if you are being phished?

Here’s an example of a test email prepared for F-Secure Phishd’s email awareness training. It emulates how real email attacks look to recipients. Can you see anything suspicious?

Here are a few things the F-Secure Phishd team would expect to raise red flags from security-conscious recipients.

In conclusion

Now is the time to be extra vigilant with your inbox. Consider each email carefully before clicking a link within an email, opening a file attachment or providing sensitive information.

If you have any doubts, DON’T CLICK those links and DON’T OPEN those attachments.

You can often contact your employer’s security team or IT department, or in lieu of this, local authorities, to report any phishing scams or other email attacks.
