Women wearing face mask on computer

Spotting Covid-19 Phishing Emails

As the pandemic continues, COVID-19 themed phishing emails are only becoming more prevalent. For cybercriminals, global, life-altering tragedies such as the coronavirus pandemic, merely provide more opportunity to exploit the public for personal gain.

Currently, Google is blocking 18 million coronavirus scam emails every day for Gmail users alone. While large tech and cybersecurity companies are doing their best to protect the public from these attacks, its important you and your staff can also identify phishing emails- before it’s too late.

So, here is our advice on how you can identify a threatening email and what emails to look out for.


Popular COVID-19 strategies

The three main strategies Barracuda (a leading provider of security systems) have been seeing are:

  • Scams: claiming to sell a cure, face masks or pretending to be a company developing a cure looking for investors
  • Brand impersonations: emails claiming to be WHO, Government, HMRC, CDC or charities seeking donations
  • Blackmailing: emails threatening to infect their target and their family unless a ransom was paid.

If you receive any emails of this nature, either delete them immediately or proceed with caution. You can use our list below to determine If this email poses a risk.


Tips for identifying a phishing email
Check the email address

Any email addresses from an established organisation will have a company email domain (e.g. Joeblogs@cygnet.it). If the email is from a public domain (such as hotmail.com or gmail.com) it is very unlikely to be from the organisation it claims. If an email comes through showing the name of the company instead of the email, absolutely be sure to check that the email address is genuine. This is a common way cyber-criminals will try to hide their email address from view of their victims

Poorly Written Emails

A classic tell-tale sign of a dangerous email is if it is badly written. Look for bad spelling, punctuation, grammar, or sentence structure. If it doesn’t read well, you have reason to suspect this could be a potentially dangerous email.

Generic opening lines

Dear sir, madam, all, team, everyone, etc. Phishing emails tend not to be personalised as they aim to be sent out to mass groups.

Sense of urgency

If it says you have to act now, there’s no time, immediate action required, no time to waste – you know the only action required is you deleting that email right away.

Actions Required

Emails will usually contain a request to click a link, visit a website, transfer funds, require you to log in to an account, or ask you to directly share sensitive information. You can check a link before using it by hovering over it and viewing the address. If it doesn’t take you to the site it says it should- do not click the link. If you are warned about the contents of a file- do not open it without first calling the apparent sender and confirming, it’s safe.


A good general rule of thumb is, if you are suspicious, don’t click anything and don’t open any attachments.

If it’s from an organisation, visit their website (not through a link in the email) and contact them directly to discuss the emails legitimacy.

If it’s an email from an organisation or business you are not familiar with, don’t open the email.


What should I do if I experience one of these emails?
  • If you have supplied any financial information or personal details and believe the email may have been a phishing attempt, contact your bank immediately and make them aware of the attack.
  • If you think you may have downloaded malware, disconnect WiFi and network cables, do a malware scan and call a professional for support. Do not plug in any USB sticks, don’t send any emails.
  • It’s also important you report any emails you believe to be a potential threat to Action Fraud to keep officials aware of new and emerging cyber threats.

We hope these rules help you and your teams to stay protected during this lockdown and in the future. While there may be heightened awareness around these threats now, they are in fact a very common threat that is prevalent all year round.

Be careful and stay safe.