Phishing emails have always been an ongoing threat to business and with the recent Covid-19 pandemic, malicious actors are exploiting the global emergency to capitalise on the fear and frenzy for profit.

Researchers have discovered scammers are increasingly impersonating official agencies such as the Centre for Disease Control and Prevention, World Health Organization and other legitimate organisations like John Hopkins University, leading recipients to believe the phishing emails are authentic.

The emails have a number of different intended goals from distributing malware, stealing sensitive information (e.g. credit card details), selling fraudulent goods and asking for donations for fake cures or charities.

To minimise the effectiveness of phishing attacks, employee training is advised to raise awareness of common techniques and highlight the main indicators of phishing emails as listed below:

  1. Check the sender’s email address – does the email address appear from an organisation you know, and ensure the email domain is spelt correctly as malicious actors can create a similar address.
  2. Does it have a generic greeting – whilst some targeted phishing emails (e.g. “spear phishing” emails) can greet you by your name; many will instead use a generic greeting like “Dear Sir/Madam” which is an immediate red flag.
  3. Beware of personal/sensitive information being requested – a coronavirus-themed email that seeks personal/sensitive information like your login details is a phishing scam. Legitimate agencies will not ask for that information. Never respond to the email with your personal data.
  4. Look out for spelling and grammatical errors – if the email includes spelling, punctuation, and grammatical errors, it’s likely a sign you’ve received a phishing email.
  5. Check the email’s links – you can inspect a link by hovering your mouse button over the URL to see where it leads. Sometimes, it’s obvious the web address is not legitimate. But you need to be careful as it could be one letter missing or replaced with similar looking characters to make it appear legitimate e.g. (at first glance looks like, as the characters ‘r’ and ‘n’ appear as ‘m’).
  6. Does the email insist you act now – malicious actors will often try and create an urgency that demands immediate action. The goal is to get you to reply with personal information or click on the link without thinking it through clearly.

What to do if you already clicked or replied:

If you have already replied then don’t panic as there are a number of practical and quick steps you can take to address the situation:

  • If you’re using a work device contact your IT support and let them know what has occurred. If possible, carry on following the below steps.
  • Open up your antivirus and run a full scan of your device. Follow any given instructions with the results.
  • If you have been tricked into handing over your password, change your password immediately for all accounts that use the same password.
  • If you have lost money due to the scam. You will need to report this to Action Fraud by visiting

Coronavirus Fake Ads:

Alongside phishing emails, researchers have also seen a wave of fake advertisements for Covid-19 products that claim to offer treatment or cures. These adverts often try to create a sense of importance and urgency with terms like “limited supply”.

If you did click on these advertisements, you could have downloaded malware onto your device and should seek assistance.

Purchasing a fake product would result in monetary loss and you may receive a useless product, or more likely, nothing at all. Worse still, the malicious actor is now in possession of personal information like your home address, name and credit card information.

Overall, it advised to ignore any advertisements from organisations you don’t know or trust as they are unlikely to be legitimate. Recognising key indicators such as “forced urgency” or “suspect claims” can help users avoid and report suspicious content themed around Covid-19, reducing the chances of a successful attack.


Registered Office


2nd Floor

31 Chertsey Street




Security Operations Centre


11th Floor Centre City Tower

5-7 Hill Street


B5 4UA