How to Spot a Scam During COVID-19

How to protect your confidential information.

Scammers and hackers are trying to take advantage of COVID-19 concern. These tips will help keep your information safe.


” );

” );
jQuery( “.shareBox”, this ).jsSocials({
shares: [“twitter”, “facebook”],
// URL to share
url: urlCurrent,
// text to share
text: shareText,
showLabel: false




En español: As the Coronavirus continues to spread across the world, scammers and spies have seized on peoples’ fear and confusion to steal their private or financial data. There are a lot of things to worry about with this outbreak, but a scam when you’re looking for critical public health information shouldn’t be one of them. Here are the known phishing scams related to Coronavirus and some tips on how to identify them and protect yourself.


What is phishing?

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. This is commonly done through email, but can also be done with fake websites.

There are two broad types of phishing:

  • Overall phishing can be blasted to thousands of recipients at once.

  • “Spear” phishing is more personal. You could receive emails or texts tailored to target you and your children, based on something a hacker may know about you or your family from social media.


Our Tips

  1. Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19. The CDC, WHO, and other organizations and experts do not communicate updates to the public via email, unless you signed up for notifications.

  2. Avoid clicking on links in unsolicited emails and be wary of email attachments. The best way to see where a link will take you is to hover your mouse cursor over it to reveal the true web address.

  3. If you receive an email from your child’s school that has links, attachments, or looks different from previous communications, call the school at a phone number you know to be correct.

  4. Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
  5. Avoid using peer-to-peer payment services like PayPal, Venmo, and Zelle if you’re paying a stranger for a product or service. If you pay using these apps and it turns out to be a scam, the app and your credit card company can’t do much to get your money back, since it’s up to the recipient of the payment to issue a refund.
  6. Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
  7. Be wary of any messages that communicate a tremendous sense of urgency, pressure you into bypassing or ignoring security policies and procedures, or promote miracle cures.

  8. Enable two-factor authentication for your email account. This means that you have to enter a code texted or otherwise provided to you, to access your email account. That makes it a lot harder for a hacker to access your information remotely.
  9. If you think you’ve received a phishing email, report it to the Cyber and Infrastructure Security Agency right away. Here are instructions for how to do that:



Netflix Scams

During this pandemic, fake websites posing as Netflix have doubled, and the Better Business Bureau has reported an influx of fake Netflix pages, subscription renewal requests, and scammers posing as cable companies offering bundles of streaming services. 

Alerts from the CDC or the WHO

One subject line reads: Covid-19 – now airborne, increased community transmission. It is designed to look like it’s from the Centers for Disease Control and Prevention (CDC), and even uses one of their legitimate email addresses, but has in fact been sent via a spoofing tool. The link directs victims to a fake Microsoft login page. Once they’ve entered their email and password, the scammers have control of the email account. This scam looks especially authentic because victims are redirected to the real CDC advice page.

  • “Donate here to help the fight.” The fake CDC email asks for donations to develop a vaccine, and requests payments be made in the cryptocurrency Bitcoin.
  • “Little measure that saves.” Hackers pretending to represent the World Health Organization (WHO) claim that an attached document details how recipients can prevent the disease’s spread.
  • “This little measure can save you,” they claim. But the attachment infects computers with malicious software that records every keystroke and sends it to the attackers, a tactic that allows them to monitor their victims’ every move online.

Alerts from your child’s school

Some scammers have sent parents emails that suggest their child has been exposed to Coronavirus, and instructs them to click on a link, where they may be asked to enter personal identifying and financial information. 

Workplace policy emails

One phishing email targets work emails and appears to come from individuals’ employers. It begins, “All, Due to the coronavirus outbreak, [company name] is actively taking safety precautions by instituting a Communicable Disease Management Policy.” If you click on the fake company policy, you’ll download malicious software.

Coronavirus map

A map of where coronavirus has hit throughout the world purports to come from Johns Hopkins University. Clicking on this downloads malware that steals your credentials.

Health advice

“Click here for a cure.” This message purports to be from a mysterious doctor claiming to have details about a vaccine being covered up by the Chinese and UK governments. Clicking on the attached document will take you to a spoof webpage designed to harvest login details.

Home Testing Kits and Other Products 

New claims are popping up everywhere selling home testing kits for the Coronavirus and other “protective” items. These products haven’t been authorized by the FDA to test for or protect against the Coronavirus and could fail to work properly or simply not arrive at all. 

Financial scams

Covid-19 tax refund. This scam in the UK involves emails that appear to come from the UK equivalent of the IRS. Clicking on the link to “access your funds now” takes recipients to a fake government webpage, where they are encouraged to input all their financial and tax information.

Fake websites

Several fake websites have been flagged by cybersecurity companies and anti-virus testing services. As of March 14th, they include:

  • coronavirusstatus[.]space

  • coronavirus-map[.]com

  • blogcoronacl.canalcero[.]digital

  • coronavirus[.]zone

  • coronavirus-realtime[.]com

  • coronavirus[.]app

  • bgvfr.coronavirusaware[.]xyz

  • Coronavirusaware[.]xyz

  • corona-virus[.]healthcare

  • survivecoronavirus[.]org

  • vaccine-coronavirus[.]com

  • coronavirus[.]cc

  • bestcoronavirusprotect[.]tk

  • coronavirusupdate[.]tk


Answer our poll

Which consumer problem are you most concerned about during the COVID-19 outbreak?

price gouging on critical supplies
COVID-19 related scams
utility and student loan payment
airplane and travel refunds