Skip to main content
A Better Partnership


Apr 2020
April 13, 2020

Beware of COVID-19 Scams and Phishing Attacks

During the COVID-19 crisis, criminals continue to ply their trade and many are trying to exploit the crisis for their gain. As an increasingly large number of employees work from remote locations, it continues to be important for businesses to educate their employees about these kinds of attacks to prevent information systems from being compromised.

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) have issued a joint alert about these threats. Common attacks include:
  • Phishing, using the subject of coronavirus or COVID‑19 as a lure;
  • Malware distribution, using coronavirus- or COVID‑19-themed lures;
  • Registration of new domain names containing wording related to coronavirus or COVID‑19; and
  • Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructures.

Social engineering methods are often at the heart of these activities, relying on curiosity and concern to persuade potential victims to:
  • Click on a link or download an app that may lead to a phishing website or the downloading of malware, including ransomware.
    • For example, a malicious Android app purports to provide a real-time coronavirus outbreak tracker, but instead attempts to trick the user into providing administrative access to install "CovidLock" ransomware on their device
  • Open a file (such as an email attachment) that contains malware.
    • For example, email subject lines contain COVID‑19-related phrases such as “Coronavirus Update” or “2019-nCov: Coronavirus outbreak in your city (Emergency)”
To create the impression of authenticity, malicious cyber actors may spoof sender information in an email to make it appear to come from a trustworthy source, such as the World Health Organization (WHO) or individuals with “Dr.” in their titles. The messages will often contain links to a fake email login page. The emails may also purport to be from an organization’s HR department and advise the employee to open the attachment.

Malicious file attachments containing malware payloads may be named with coronavirus- or COVID-19-related themes, such as “President discusses budget savings due to coronavirus with Cabinet.rtf.”

The CISA and NCSC alert also provides examples of phishing email subject lines:
  • 2020 Coronavirus Updates
  • Coronavirus Updates
  • 2019-nCov: New confirmed cases in your city
  • 2019-nCov: Coronavirus outbreak in your city (Emergency)

These emails encourage the victim to visit a website that will try to steal valuable data, such as usernames and passwords, credit card information and other personal information.

While most phishing attacks come via email, some malicious cyber actors also use text messages that purport to deal with unemployment benefit applications or government financial support payments, but really link directly to phishing sites.

The CISA/NCSC alert provides many more details and is well worth reading.

If you believe that your business may have been the victim of a cyberattack, it is important to contact your attorney immediately. The Cybersecurity and Privacy and the Criminal Practice Group attorneys at Warner have experience responding to all sorts of cyberattacks. We can assist you with reporting the incident to law enforcement and making any necessary disclosures to stakeholders. Warner can also assist in connecting you with the experts needed to help you identify the attack, neutralize remaining threats and try to locate any valuable data or lost funds, and we can help you take steps to reduce or defend against litigation resulting from a cyberattack.

For questions concerning cybersecurity and privacy, please contact Norbert Kugele, Madelaine Lane or Brian Wassom.

NOTICE. Although we would like to hear from you, we cannot represent you until we know that doing so will not create a conflict of interest. Also, we cannot treat unsolicited information as confidential. Accordingly, please do not send us any information about any matter that may involve you until you receive a written statement from us that we represent you.

By clicking the ‘ACCEPT’ button, you agree that we may review any information you transmit to us. You recognize that our review of your information, even if you submitted it in a good faith effort to retain us, and even if you consider it confidential, does not preclude us from representing another client directly adverse to you, even in a matter where that information could and will be used against you.

Please click the ‘ACCEPT’ button if you understand and accept the foregoing statement and wish to proceed.



+ -