Article - 30 June 2020

COVID-19 related malicious emails up by 600% – What can you do?

As COVID-19 has swept through Europe and the globe, our physical world has needed to adapt and change with it. Employment, communication, and commerce have all changed due to new social distancing requirements, pushing us into the digital world.

With more people than ever working from home, and with more reliance on the digital world, it only makes sense that scammers and cyber criminals would do the same … and they have done.

“Phishing email attacks related to COVID-19 increased by 600% in the first quarter of the year.”


Europol lists factors that prompt changes in crime and terrorism:

  • High demand for certain goods, protective gear, and pharmaceutical products.
  • Decreased mobility and flow of people across and into the EU.
  • Citizens remain at home and are increasingly teleworking, relying on digital solutions.
  • Limitations to public life will make some criminal activities less visible and displace them to home or online settings.
  • Increased anxiety and fear that may create vulnerability to exploitation.
  • Decreased supply of certain illicit goods in the EU.

Together these factors create an ideal base for cyber criminals, and they are exactly the circumstances that COVID-19 has created.

London’s Liverpool Street station was used by over 70 million passengers last year and has seen a drop of 95%. Photo by Ben Garrett.

Increased Cyber-crime

Using major news events to carry out social engineering attacks is not a new concept, and criminals have used COVID-19 in the same way, carrying out attacks themed around the pandemic to distribute a number of malware packages.

malware – is any software intentionally designed in order to cause damage to a computer, network, server, etc. Examples include computer viruses, ransomware, spyware, adware, and many more.

The “Be vigilant, be sceptical, be safe. #WashYourCyberHands” campaign was launched in response to the rapidly changing landscape during the pandemic.


There have been examples of medical workers being targeted by phishing attacks. They received emails with the subject line “ALL STAFF: CORONA VIRUS AWARENESS”, signed off “Best regards, IT-Service Desk”. The email invited staff members to click on a link to take part in a survey to show their awareness, and used language such as “compulsory” and “mandatory”. If the link was clicked, it took the user to a third-party website disguised as the Outlook web app, and any information typed in was passed to the criminals.

phishing – is the fraudulent attempt to obtain sensitive information such as usernames, passwords, credit card details, etc. by disguising oneself as a trustworthy entity in an electronic communication like email, or social media.


Why so effective?

  • It is common for scammers to take advantage of emergencies.
  • Effective phishing plays on emotions and concerns; coupled with the thirst for urgent information around COVID-19, this makes these messages hard to resist.
  • Businesses are working hard to stay afloat and need those vital pieces of good news to hit their inboxes; it could be a reply from the bank about a loan, or from a supplier about the materials you need to protect your business and allow it to reopen. Convincing emails claiming to offer quick solutions are very tempting.
  • As every business is letting their staff know their plans, email phishers are pushing billions of look-alike emails into the mix.
  • Employees are expecting information on their own position and the government’s position, and attacks that impersonate these groups have a much higher likelihood of being clicked.

Why even more effective than in other emergencies though?

… because of all the things laid out at the start of this article. This pandemic has fundamentally changed things, and not just for a group of industries or people … for everyone.

  • Social distancing means staff are working from home and many are not used to it.
  • IT/Security resources have been hugely stretched by the rapid movement to working from home.
  • Isolated staff are much less likely to ask questions or report problems, or even have the simple option to ask the person next to them ‘does this look right to you?’.
  • Blind spots caused by people having to use machines not set up correctly for working from home.
  • IT/Security teams themselves being subject to furloughing or becoming ill.
  • … and of course, the weight of pandemic stress on everyone’s shoulders beyond the workplace.

“Coronavirus-related email lures now represent the greatest collection of attack types united by a single theme. We’ve observed credential phishing, malicious attachments, malicious links, business email compromise (BEC), fake landing pages, downloaders, spam, and malware, among others, all leveraging coronavirus lures.” 


What can we do?

The best thing any organisation or individual can do is to empower themselves and their employees to spot possible threats. Spotting phishing emails is hard; spotting spear phishing emails is even harder. However, there are some basic rules that, if applied by everyone, will greatly help any organisation during this time.

spear phishing – is the same as phishing but emails are superficially from a known or trusted sender in order to trick targeted individuals.

Five top tips:

  1. If you are unsure of the sender or the domain, do not interact with that email without talking to your IT/Security team, or the person the email is supposedly from, over the phone.
  2. Be wary of any message asking you to click on links or open attachments. Teaching users to be sceptical of all attachments regardless of their source is greatly underestimated.
  3. Grammar or spelling errors. These are surprisingly common, and spotting them can save you and your business a lot of time, money, and trouble.
  4. Urgency. Are you being told you must reply quickly? Do not feel pressured; always take time to think about who you are replying to and what information you are giving them.
  5. Flag it. If you receive a suspicious email do not just delete it, flag it as being potentially unsafe to your IT/Security team, or as Junk/Spam, so it can be blacklisted.
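
Tips 1, 2 and 4 can also be checked mechanically by an IT/Security team when a flagged message arrives. The Python below is an added example, not part of the original article: the trusted domain `example.org`, the pressure-word list beyond “compulsory” and “mandatory”, and the sample message (modelled on the staff-survey email described earlier) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example.org"}  # assumption: the organisation's own domains
PRESSURE_WORDS = {"compulsory", "mandatory", "urgent", "immediately"}  # assumption

# Constructed sample modelled on the staff-survey lure described in the article.
SAMPLE = """\
From: IT-Service Desk <it-desk@example.net>
To: staff@example.org
Subject: ALL STAFF: CORONA VIRUS AWARENESS

This survey is compulsory for all staff. Complete it here:
http://owa.example.net/login

Best regards, IT-Service Desk
"""

def host_trusted(host):
    """True if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def triage(raw):
    """Return the warning signs (tips 1, 2 and 4) found in one raw message."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not host_trusted(sender.rpartition("@")[2]):
        findings.append("sender domain not recognised: " + sender)
    body = ""
    for part in msg.walk():
        if part.get_filename():
            findings.append("attachment: " + part.get_filename())
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        if not host_trusted(urlparse(url).hostname):
            findings.append("link leaves the organisation: " + url)
    words = set(re.findall(r"[a-z]+", (msg.get("Subject", "") + " " + body).lower()))
    if words & PRESSURE_WORDS:
        findings.append("pressure language: " + ", ".join(sorted(words & PRESSURE_WORDS)))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

A clean result only means none of these three signs was found; a message from a compromised internal account would pass, which is why the phone check in tip 1 still matters.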

It is hard during this time to keep 100% vigilant, but hopefully you find some tips here to take with you.

Keep safe and thank you for reading. 
