Coronavirus Goes Phishing


One of the most commonly used tactics among cyber hackers is to use hot media topics to capture people’s attention and then take advantage of that interest to spread spyware, computer viruses, ransomware, and other malicious software aimed at committing identity theft and compromising personal, private, and business data. The global coronavirus pandemic is no exception – and has quickly become a new favorite topic among hackers eager to prey on people’s curiosity and concern associated with the virus.

This article includes useful information and tips such as:

  • What are coronavirus spam/phishing emails?
  • What are the most used strategies in coronavirus spam email campaigns?
  • Which countries are the most heavily targeted by coronavirus spam emails?
  • How to recognize and avoid cyber criminals falsely posing as members of the World Health Organization (WHO).
  • Strategies for protecting yourself from these cyber threats and others like them.

What are coronavirus spam/phishing emails?

Coronavirus spam email campaigns are “phishing” scams in which hackers send mass emails masquerading as news or reports on the coronavirus pandemic as a way to “bait” users into opening the email and clicking various links or attachments which then install various types of malicious software on the victims’ computers and devices for the purpose of stealing sensitive information and committing identity theft.

What are the hacker’s most-used tactics so far?

Tactic #1: Using Captivating Topics and Eye-Checking Keywords

F-Secure’s Tactical Defense Unit has tracked Croronavirus campaigns since January 2020. They found out that the earliest campaigns primarily targeted victims from Japan.  As the COVID-19 virus spread globally to other countries, so did the cyber attack schemes. Every hot topic that the media was identifying was quickly turned into misinformation about coronavirus.

Some of the Most common email subject lines used in the recent Coronavirus spam email attacks include:

  • Corona Is Spinning Out of Control…
  • Feeling Helpless Against Corona?
  • Military Sources Exposes Shocking TRUTH About Coronavirus
  • CoronaVirus is here, Are you ready?? (Learn how to survive..)
  • This is protective mask that you can wear to protect against fine dust, toxic gases or life-threatening viruses, such as the coronavirus.

21% of total emails had the word
Using these keywords, keyphrases, and others like them, hackers have been easily luring their victims into accessing links or downloading files.

Tactic #2: Faking the Coronavirus Live-Tracking Map from Johns Hopkins University

Another strategy used widely in coronavirus phishing emails campaigns has been the creation of almost identical interfaces of a map developed by Johns Hopkins University showing the COVID-19 infections, death, and recovery rates of people worldwide.

Fake Coronavirus Map of The John Hopkins University

The authentic map exists on the John Hopkins University of Medicine website and can only be viewed online. It CANNOT be downloaded and/or installed.

But hackers created a look-alike map that does ask users to download and install from a link or image.Once the download finishes and the map is installed (or sends a fake fail message), so is the malicious software called AZORult. Using this kind of phishing campaign cyber crooks can steal browsing history, cookies, cryptocurrency,  personal information like user IDs and passwords, and more.

Tactic #3 – Job and Business Related Messages did an analysis which shows that cyber attackers are currently moving towards topics that appeal to those worried about the financial impacts of COVID 19. In these cases, the attackers are looking to trick employees working remotely, the recently unemployed, business owners, and others concerned about the future of their jobs and/or the future of the companies they own or work for.

Some these “hot button” topics include:

  • Business continuity plans;
  • Service disruptions;
  • Lockdowns

F-Secure Researcher Maria Patricia Revilla Dacuno syas: “People should be careful about clicking on links or opening attachments when opening messages about business and employment topics right now, especially those from unexpected or unknown sources.”


This phishing attack sample above(example provided by F-Secure) shows the recipient information that they need to know about their company’s business continuity operations.

In the attachment there is a file called “necessary information” that infects the user’s device with Lokibot – malware that steals email credentials and passwords from browsers, FTP clients, and CryptoCoin wallets.


Here is another example of a spam campaign that lures victims by showing them information about various local lockdowns.

These coronavirus email campaigns are simple and efficient. They prey on the uncertainty that nearly every employee has in regards to the security of their jobs and how their company is trying to adapt to the economic impact of the Coronavirus.

One of the most simple positive moves a company can make is to handle internal communications seriously and follow best practices for web security – even when working remotely. This includes refraining from sending sensitive information over text message or instant messaging apps which often lack any sort of security protocols. Another good strategy for companies wanting to ensure that their employees are safe as well as informed is to
organize video training on a secure platform and inform their employees about the importance of these cyber crimes and how to identify a phishing attack.

By doing so, companies can avoid data breaches which can result in hefty fines, lawsuits, and loss of reputation.

To go deeper into the importance of website security we have written an article that shows you 6 reasons why website security is important plus 12 effective tips to protect your sites.

Countries Targeted Most by Coronavirus Spam Emails

A recent study by and compiled by shows that the country most heavily targeted by coronavirus spam email campaigns from January 1 to March 27, 2020 was the United Kingdom, where nearly 21% of total emails had the word “coronavirus” in the subject line.

The Contries Targeted Most By Malicious Coronavirus Spam

Other countries with high rates of coronavirus-related spam includes those with large numbers of internet users, recent spikes in coronavirus infections, and those with users whose personal or business information could be used to access financial data and other identity fraud details.

Users who live or work in these countries – or who regularly communicate with persons in targeted countries should take extra care to avoid opening unrecognized, unsolicited, or unfamiliar emails – and should even avoid clicking on links or downloading files without confirming the source. Sometimes, simply expanding the details on the sender will reveal that an email that appeared to come from a known contact was actually, in fact, simply using a familiar name associated with an unknown email account.

Beware of Cyber Criminals Pretending to be from the World Health Organization(WHO)

The WHO has posted guidelines on their site to make everyone more aware of the phishing attacks done by cybercriminals that are falsely claiming to be from WHO. Cyber crimes of this nature are being committed by hackers sending fraudulent emails and WhatsApp messages that attempt to scam victims into clicking on malicious links or opening attachments.

The World Health Organization’s guidelines closely follow that of other organizations who routinely work in industries or fields where personal data must be shared. Their promise appears below.

The World Health Organization will:

  • never ask for your username or password to access safety information
  • never email attachments you didn’t ask for
  • never ask you to visit a link outside of
  • never charge money to apply for a job, register for a conference, or reserve a hotel
  • never conduct lotteries or offer prizes, grants, certificates or funding through email.

If you do receive an email that seems to be from WHO make sure that the sender has an email address such as “” If there is anything other than ‘’ after the ‘@’ symbol, this sender is not from WHO.

For example, WHO does not send email from addresses ending in ‘’ , ‘’ or ‘’.

How to Protect Yourself from These Cyber Attacks

Think Twice Before You Click

Safety doesn’t have to be a complicated matter. If you do not remember contacting a certain organization or a certain person and you receive an email out of the blue, it isn’t unreasonable to initially treat it as you would a known cyber attack. Hackers often count on people being worried they might offend someone and so they overlook simple cyber safety measures.

If something seems to be strange about the email, don’t proceed. It may be something as simple as a lot of misspelled words. Or it may be sneakier, like a forged email address or “official looking” logos and labels in the email. If you encounter anything like the examples provided in this article or other emails that seem to be trying to lure you into accessing a link, providing a file to download, asking for your username or passwords, etc. just delete it. It’s even better if you can recognize unsolicited emails from your inbox listing, and delete them without even opening.

Always Examine the Link and the Email Address

Watch out for misspellings in URLs. Sometimes, but not every time, this can be a good indicator that you might be under a cyber attack. For example,; or are more likely to be imposter sites posing as trusted sites. Again, remember that if something seems to be suspicious, it’s usually because it deserves suspicion.

If you routinely receive advertisements through your email from well-known retailers, be aware that these are often ways hackers look to sneak their ways into your trust. They pretend to look like a familiar brand, and then try to get users to click a link or download a file to receive a coupon, discount, or prize. Always check the retailers’ web pages to see if the same offers you received in your email are being promoted on their own web sites as well. If not, it’s always better to miss out on a suspicious offer than end up dealing with the expensive, frustrating, and damaging results of following the scam.

Don’t Open Email Attachments Unless You Know the Sender

Never enter confidential information into a form attached to an email. Hackers can potentially track your information.

Guard your Financial Information
There is a good reason that the most feared crime for Americans in 2019 was the fear of having personal and credit card information stolen by cyber thefts. There is never any reason to share

Use an Antivirus Software
Even the most careful internet user can still fall victim to a phishing or spam attack. That’s why today’s most trusted antivirus software now also includes scanning tools for your email and websites to identify potential threats before they’re accidentally downloaded. Using these programs provides an extra layer of security based on commonly reported and emerging threats alike.

Work with a Professional Organization
It can be tempting to want to save money on internet security – but this is definitely one of the industries in which “you get what you paid for” definitely applies. Always be wary and cautious when it comes to “free software” or “no obligation” downloads, even if they’re for seemingly helpful solutions like antivirus software, spyware removal, or other similar tools. Instead, choose products and services that are backed by reputable companies, especially those with Better Business Bureau (BBB) ratings or consumer protection credentials.

Conclusion: Knowledge is Your Best Protection

Unfortunately, as we all know, the coronavirus has already spread to the entire world and is continuing to infect more and more people everyday. Cyber criminals are taking advantage of these situations to spread malware and other malicious software for identity theft and any other fraudulent activity they can manage to get away with. For many, it means the danger of not just one type of infection but two: the one that impacts your physical health and the one that damages your financial health and privacy.

As more apps and technologies are developed to monitor the spreading of this disease, most likely we will see an increase in coronavirus spam email campaigns. Hackers will use the same strategies but will be disguised as different topics. Remaining vigilant and taking extra steps to be informed by reputable sources at all times, not only helps ensure your safety, but also makes phishing and other cyber attacks easier to recognize and avoid in the future.

Leave a comment