Skip to content
Products and Services PRODUCTS & SERVICES

Coronavirus scams: what to look for and how to stop them

Common attack techniques plus three practical steps to help minimize risk.

Hackers are busy exploiting coronavirus in their attacks. In recent weeks SophosLabs has seen a surge of COVID- and Corona-related domains registered – while some will be legitimate, it’s a fair bet that the majority are destined for criminal purposes.

Common attack techniques

Phishing attacks using COVID-19 as a lure are the most visible and immediate cybersecurity risk right now. Common tactics include:

Coronavirus news

Beware of emails, SMS, and WhatsApp messages from unknown sources with information on coronavirus. Often hackers impersonate legitimate organizations and people to make their messages more believable.

Home delivery scams

With many people waiting on home delivery of essential items, hackers are impersonating delivery services. Their goal: to trick you into clicking malicious links or con you into paying extra ‘delivery’ fees.

We’re also seeing coronavirus used in other ways, including:

Extortion attempts

Criminals threaten to infect people with coronavirus unless you pay them. Often these threats include a small piece of personal information to make it more believable.

Malicious apps

Purporting to give you useful information on coronavirus, these apps enable the crooks to access all the information on the device – and even hold you to ransom.

Malicious documents

These documents claim to contain coronavirus-related information. Upon opening them you’re asked to ‘enable editing’ and ‘enable content.’ Doing so installs malicious software onto your computer.

Practical steps to minimize risk

In the current situation, many people are lowering their guard to phishing attacks and scams. We’re more anxious, more eager for information, and therefore less likely to question something that could be suspect.

With that in mind, here are three practical steps you can take to minimize the risk from coronavirus-related attacks.

Enable Multi-Factor Authentication (MFA)

MFA is a great form of defense against attacks that use a fake login page to trick people into entering their credentials.

Raise awareness of these scams amongst your employees

A simple, but effective, step is to always looks at the actual email address used to send the email, not just the display name. (If you’re on a mobile device click on the display name to reveal the real email address.)

Sophos Phish Threat, our phishing simulation and training tool, is available to everyone for free for 30 days, and now includes a coronavirus phishing template to help train your teams.

Make sure your endpoint and email protection are well-configured

When properly set-up, good protection can catch a phishing attack in multiple ways. You can try our endpoint and email protection for free at any time.

For a more extensive exploration of the cybersecurity concerns due to coronavirus and recommended mitigations, read Protecting your company during COVID-19: guidance for CIOs and CISOs by Ross McKerchar, Sophos Chief Information Security Officer.


After all the PuP’s and Malware that Sophos has caught since I got Sophos years ago, I rest in comfort . Thanks Sally


Hello Sally! Thank you for this informative article. Knowledge has never been more important in this trying time. I’m extremely sad that despite of what’s happening now, we need to make sure to protect ourselves from scammers while trying to keeping us updated on this pandemic.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!