COVID-19 Phishing Scams: 5 Useful Tips To Help Your Employees Spot Them

by | September 20, 2021 | How to, Cybersecurity

What’s a scammer’s favorite leisure activity during a pandemic? You guessed it right: it’s phishing. And it’s becoming a big issue for everyone, especially organizations.

But not to worry. We’ve got you covered with our five recommendations on how to spot COVID-19 phishing scams.

COVID-19 phishing scams take advantage of people's fear regarding the pandemic.

COVID-19 Phishing Scams

The bad guys actively take advantage of the COVID-19 pandemic by sending out malicious emails and making phone calls that attempt to fool you into giving them your personal information or clicking on malicious links or attachments.

The phone calls and emails may sound and look legitimate. In some cases, threat actors go as far as adding logos or branding for the World Health Organization or other government or public health agencies. Some of the most notable COVID-19 phishing scams include convincing victims to install malicious pandemic notification apps or calling with offers of fake home vaccination kits for a fee.

Figures paint a rather grim phishing landscape for companies, so keep reading to learn what you can do to spot and prevent such potentially devastating attacks.

1. Be Skeptical

Malicious emails and texts can look like they indeed come from a reputable and trustworthy organization or person. If you have even the slightest doubt about a text or email containing health information or requesting donations for people affected by the new disease, stay away from telephone numbers, links, attachments, or website addresses provided as they may link you to the scammers.

Also, be wary of ads for cheap or scarce items, such as cleaning products and personal protective equipment. If an offer seems too good to be true, it most probably isn’t. Discover more tips on how to spot phishing attempts here.

2. Be Cautious

You should never send personal and/or financial details via email, text, or over the phone if the call seems suspicious. If you’re not the one to make the call, you’re not able to verify the identity of the person on the other end of the line. It’s best to hang up and use a phone number you are sure is correct. Also, be very wary of unsolicited phone calls offering COVID-19 tests or vaccines. Official healthcare providers are the only ones that can perform examinations and administer safe vaccines.

3. Don’t Respond

If you feel uncomfortable with the questions you’re asked over the phone, do not answer and tell the caller that you need to verify that the call is legitimate. No reputable entity will take issue with that reasonable action. Next, call the organization back on a phone number you’ve looked up yourself.

If you’ve already provided your banking or credit card information or confidential company-related information, contact your bank and/or let your IT security team know of the incident.

COVID-19 phishing emails and texts often contain embedded links that look harmless enough. However, if you hover over them, you should see the actual hyperlink. If the address isn’t the same as what appears in the email, you’re probably being phished. Also, never open suspicious attachments.

5. Protect Your Devices

Last but not least, make sure that your devices are protected against online threats. Install anti-spam, anti-spyware, and anti-virus software and always keep them up to date.

If a phisher targets you via email or text, here’s what you should do: report it and delete it. When reporting the fraudulent attempt to the organization being spoofed, make sure to send the email or text as an attachment.

ATTACK Simulator To The Rescue

If recent attacks are any indication, phishing can be extremely devastating, resulting in immense financial damage or even the end of your business. Scammers know your company’s weakest link in the chain is your employees.

Why would you need security awareness training for your employees? For many reasons, but here are the most important ones:

  • To prevent cyberattacks and breaches
  • To strenghten your technological defenses
  • To attract more customers
  • To make you more socially responsible
  • To empower your employees
  • To meet compliance standards
  • To prevent downtimes and maintain a good reputation

Why Should You Choose Us?

We know there are plenty of options out there. It’s only natural to ask “Why ATTACK Simulator?” Our product offers professional cost-effective solutions tailored for your enterprise needs.

These are some of the perks of choosing us:

  • Automated attack simulation – we simulate all kinds of cyberattacks: phishing, malware, ransomware, spear-phishing, identity theft, online privacy attacks, online scams etc.
  • Real-life scenarios – we evaluate users’ vulnerability to give company-related or pesonal data away using realistic web-pages.
  • User behavior analysis – we gather user data and compile it in extensive reports to give you a detailed picture of your employees’ security awareness level.
  • Malicious file replicas – our emails contain malware file replicas, to make the simulation as realistic as it can be.
  • Interactive lessons – if employees fail to recognize our traps and fall into one, they will be redirected to landing pages with quick reads on the best security practices.
  • We impersonate popular brands on our simulated phishing pages – the user will be more tempted to click on the URL or open the attachment in the email.

ATTACK Simulator’s Security Awareness Training program will help you equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irremediable damage.

How would your employees react when faced with a phishing attempt? Put them to the test with our free security awareness training trial and know for sure!


Feature Image: Health photo created by freepik –

Internet illustrations by Storyset

Work illustrations by Storyset

by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.

There’s no reason to postpone training your employees

Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.