orange iconOperational Response Level: Restricted ›
Information Technology Solutions

Information Technology Solutions

COVID-19 (Coronavirus) Phishing Emails and Text Messages

March 19, 2020

A number of new phishing and online scams have surfaced seeking to take advantage of the public’s concern surrounding COVID-19. Scammers often seek to benefit from health scares and this pandemic has spawned dozens of such campaigns, scaring recipients into clicking on harmful links or attachments in emails, text messages and social media posts.

 

Examples of COVID-19 Scams

  • Fabricated notices from health organizations (e.g., Government Agencies, CDC, WHO or local health departments).
  • Information about protecting yourself, your family or your community that contains malicious links or attachments.
  • Charitable appeals, claiming to help victims of the virus, which are not legitimate.
  • Misleading ads or spam about masks or other protective gear, or other helpful hints to combat the virus.
  • Notices from financial institutions indicating online credential updates are required due to branch closures.

Tips to avoid getting tricked

  • Always verify the sender by checking their email address.
  • Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your Social Insurance Number or login information is a phishing scam. Legitimate government agencies will not ask for that information. Never respond to any email requesting your personal data.
  • Check the link. You can inspect a link by hovering your mouse over the URL to see where it leads. Sometimes, it’s obvious the web address is not legitimate. However, keep in mind phishers can create links that closely resemble legitimate addresses. Delete the email.
  • Watch for spelling and grammatical mistakes. Read the email slowly. If you see spelling, punctuation, and grammatical errors, it’s likely a sign you’ve received a phishing email, delete it.
  • Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.
  • Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information — right now. Instead, delete the email.

 

Be vigilant for Coronavirus-COVID-19 phishing emails and text messages during the coming weeks. If you suspect a message may be a phishing scam, please report it by forwarding the email message as an attachment to phishbowl@rrc.ca

Have a cyber security related question?
Send it to CyberAware@rrc.ca