How to avoid common coronavirus phishing scams

Cybercriminals are capitalizing on fear surrounding COVID-19 with several new phishing scams. Learn how you can keep yourself safe from coronavirus scams.

Updated March 16, 2020

The global outbreak of the novel coronavirus – also known as COVID-19 – has caused widespread fear and anxiety. Now, cybercriminals are exploiting that fear with a surge of new phishing scams that try to persuade people to click on a malicious link or download a dangerous file. Unfortunately, their scare tactics can work, and scammers can walk away with sensitive personal information.

Reports of these COVID-19 scams have grown in recent months: there was a 667% spike in phishing emails worldwide from the end of February to late March 2020 alone.

The latest phishing campaigns include emails, texts and social media posts related to COVID-19 that try to put malicious software on your devices or persuade you to give up your personal information. These scams are becoming increasingly widespread and sophisticated as they prey on our growing concern about the spread of COVID-19.

You can protect yourself by learning how to spot scams and understanding the steps you need to take to defend yourself from cybercriminals.

What are the coronavirus phishing scams?

The coronavirus phishing scams are the latest version of a common scheme. As part of the scam, cybercriminals send an unsolicited email or text to potential victims. These messages are made to look like legitimate communications from health care providers, government offices, retailers, employers and other trusted sources.

The emails offer information and advice about the virus as bait, to get you to unknowingly download malicious software or give up your personal information. So far, versions of these phishing emails have been made to look like official communications from:

  • The World Health Organization (WHO)

  • The Centers for Disease Control and Prevention (CDC)

  • University and college health services

If you receive any emails or text messages about COVID-19, especially ones that direct you to click a link or download an attachment, exercise caution.

Here are some current COVID-19 phishing scams to watch out for

Learning more about these scams can help you avoid them in the future. Here are some common variations of COVID-19 phishing scams that are circulating:

Updates from employers: Scammers send emails that appear to come from your employer, with updates about their COVID-19 policies. These emails link to malicious content.

Example: An email that looks like it came from an employer that contains a link to a company’s “Communicable disease management policy.”

Text messages about COVID-19 testing: There have been reports of scammers sending SMS messages that urge the user to click a link for information on how to get tested for COVID-19, or that offer test results. Some request your health card and credit card to schedule an appointment.

Example: A text from an unknown number with a message that says: “You’ve received a new message regarding COVID-19 symptoms and where to get tested in your area” and includes a link to a fake website.

Government compensation messages: There’s been an uptick in fake emails and texts that appear to come from the Government of Canada, offering employment insurance deposits and other government compensation.

Example: A text from an unknown number with a message that says: “Alert: The emergency response benefit of Canada relief fund has sent you a deposit of $1300. Deposit your money here” and includes a link to a fake website.

Medical tips and product offers: Scammers are sending texts and emails offering medical tips for avoiding COVID-19 and information on where to buy medical products, including face masks, online.

Example: A text from an unknown number with a message that says: “Get free surgical masks from the Red Cross” with a link to a fake website.

More resources on phishing scams

Phishing scams are increasingly common, and cybercriminals are becoming more sophisticated with their schemes. Here are some more resources to help you avoid these scams:

How to protect yourself from phishing scams

Phishing scams can be costly, but you can protect yourself by following these tips:

Read emails and texts carefully

When you read phishing emails closely, you can usually spot the scam before falling victim to it. Read your emails carefully and watch out for these red flags:

  • impersonal or generic greetings

  • spelling mistakes

  • grammatical errors

All of these can suggest that an email is actually a phishing scam.

Check links in emails by hovering before you click

When you receive an email with a hyperlink, avoid clicking the link right away. Instead, hover over the link text to see the actual URL that the linked text points to. That way, you can see if the URL leads to the site indicated. If it leads to a suspicious or unexpected site, avoid clicking.

Don’t respond to companies or people you don’t know

If you receive unsolicited emails, texts or phone calls from companies or people you don’t know, it’s best not to respond. Even if an email appears to come from a company you’ve interacted with before, be cautious if:

  • the “From” address looks suspicious

  • it comes from a person you haven’t emailed before

  • the email greeting is generic, like “Hello customer”

Don’t click on attachments or links from unknown sources

Attachments from people you don’t know can contain viruses or malware that can compromise your computer and access your personal information. Don’t click on a link or fill out a form within an email that asks you to:

  • verify your account

  • reset your password

  • provide confidential information

Don’t feel pressured to reply to an urgent request

Generally, the greater the sense of urgency, the greater the chance it’s a scam. For example, if you receive threatening emails or texts that include phrases like “your account has been suspended,” “download immediately for more information,” “dial X to hear about your court date,” don’t panic and don’t give out your personal information; they’re most likely scams.

Remember, BMO will never contact you through an unsolicited phone call or email to ask for personal information or account details. If you get a suspicious email that looks like it came from us, report it by emailing or calling 1-844-837-9228.

Staying safe online

Visit our Security Centre for more ways to protect yourself online.
