Email scammers are taking advantage of coronavirus fears to impersonate health officials and trick people into giving up personal information

Prev Article Next Article

In this Feb. 16, 2020, photo, runners, some wearing masks, compete in a Kumamoto castle marathon in Kumamoto city, western Japan. Organizers of the Tokyo Marathon set for March 1, 2020 are drastically reducing the number of participants out of fear of the spread of the coronavirus from China. The general public is essentially being barred from the race. (Kyodo News via AP) Associated Press

Security researchers have identified multiple phishing scams that aim to capitalize on people’s fear of COVID-19, the disease caused by the Wuhan coronavirus.
Scammers pose as authorities like the Centers for Disease Control or World Health Organization in order to trick people into handing over their personal information.
The WHO has released an advisory warning people to avoid fraudulent emails about coronavirus.
Visit Business Insider’s homepage for more stories.

As the death toll from the coronavirus outbreak continues to rise, online scammers are using email phishing schemes in an attempt to profit on people’s confusion and fear surrounding the virus.

Security researchers have identified multiple phishing scams in which attackers pose as authorities like the Centers for Disease Control and Prevention or the World Health Organization in emails, offering information about the virus in order to trick victims into downloading malicious software or handing over their login credentials.

While the coronavirus outbreak constitutes a world health crisis, experts have warned against unnecessary panic, arguing that misinformation is causing an overblown response to the disease.

A scam identified by security firm Trustwave Holdings spreads false claims that the virus has spread to victims’ home cities, then prompts users to enter their email passwords in order to read more information. Another scam teases similar information, then uses malicious links to direct victims to a fake Microsoft Outlook portal that harvests credentials.

The World Health Organization released an advisory last week urging people to stay on the lookout for phishing scams related to coronavirus. A CDC spokesperson did not immediately respond to Business Insider’s request for comment.

Here’s how the scams work, and the steps the WHO recommends to avoid falling for them.

Check the sender’s email domain and see if it matches the website of the organization they say they work for. Then, check the URLs included in the email.
Trustwave

In this scam documented by Trustwave, the scammer purports to be from the CDC, but uses an email from a domain other than cdc.gov and includes misleading links that lead to a different site when clicked.

Don’t trust login pages with unfamiliar URLs.
Trustwave