2 Ways Hackers May Trick You Using COVID-19 Phishing Schemes

The outpouring responses from those affected by COVID-19 has been both inspiring and heartwarming. Many companies are rising above these trying times by donating a sizable profits to causes in need. Others limited on resources are doing all they can to empower their customers, such as offering free shipping, inspiring their followers on social media, and participating in empathetic marketing campaigns.

But for every glimmer of hope during this recession, there’s a bad actor looming in the shadows. With more employees switching to remote operations, cybercriminals are capitalizing on clever schemes to acquire data or money— specifically, crafting sneaky phishing messages.

Be on the lookout for the two major ways hackers are tricking people during the coronavirus pandemic:


1. Phishing Emails

Over the last few weeks, nearly every American’s inbox was flooded with COVID-19 response emails from their favorite product or service providers. These compassionate messages addressed how the companies were handling the outbreak, including what you could expect from them in the future and tips for overcoming these difficult times together.

But not all these outreach emails have good-intent. Bad actors are dropping malicious emails into your inbox containing hidden malware or attempting to seize credentials to your personal accounts. 

When opening a message with a COVID-19 subject line, be cautious of its contents. Hackers are manipulating people’s weaknesses right now, targeting those who have lost their jobs with money-related offerings. For instance, a malicious email may ask to send you a direct deposit in light of a new stimulus bill. They could mimic the look of a government site and ask you to enter your banking routing number to receive a direct deposit of your payout. Or, they could imitate a hospital, warning you that rooms are filling up fast and that it may be wise to pre-register in the event a loved one falls ill.

2. Voice Phishing (Vishing)

Not only are bad actors attacking your inbox, they’re also targeting your voicemail. Callers are leaving automated voice messages posing as trusted figures. You may receive a call from a spoofed number pretending to be your bank, telling you that due to difficult times, they are shutting down this branch and need to reroute your money. They’ll ask to confirm your account number and empty your savings.

Or, the cybercriminals may ask you to visit a link on your device to learn more about their company’s COVID response— which sends you a malicious URL. They could even send a malicious link to your cell phone in an unsuspecting SMS message.

Stay In-the-Know with Kevin Mitnick

No matter what, think before you click on any links inside of a coronavirus-related message. Be just as cautious about sharing information over the phone and hang up if suspicious. 

Share these COVID-19 scam tips with your friends, family, and coworkers— and be extra vigilant of bad threat actors in the weeks to come.

Stay in-the-know about all things cybersecurity by subscribing to Kevin Mitnick’s newsletter, where we’ll share deep insights from the world’s most famous hacker and his Global Ghost Team to enhance your digital security.

Topics: Remote work

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

Red Team Testing vs. Penetration Testing

As the cost of cyber attacks continues to grow — in 2023, the worldwide cost of cyber attacks reached $8 trillion and, by 2025, the total cost is esti..

Read more ›

What Is Credential Harvesting and How Do Threat Actors Pull It Off?

Credential harvesting, otherwise known as credential compromising or credential theft, can be a highly devastating cyber threat. It also happens to be..

Read more ›

How Threat Actors Bypass 2FA and What Preventative Steps You Can Take

Two-factor authentication (2FA, or MFA) is a security layer designed to verify the identity of those logging in to accounts. By sending codes to the p..

Read more ›