How to combat email phishing and scams related to COVID-19

Ever since the outbreak of COVID-19, the number of cyber scams have alarmingly increased as scammers try to prey on a fearful global community. Over the last few weeks, especially, people around the world have raised concerns about receiving various forms of email phishing, such as false alerts, scam threads, and misleading emails.

covid-19 email phishing and scam


We at Zoho Campaigns are concerned about the privacy and safety of our customers and your personal information, so this is a brief article on how you can avoid falling victim to phishing.


Why would someone send phishing emails now?

Cyber criminals are conveniently using the pandemic as a means to get access to people’s sensitive data through emails delivered to their computer systems and phones. These fraudulent emails capitalize on the fear of the recipients and their concerns about their protection against the virus, both physically and economically.

Additionally, there’s also been a sharp rise in the number of website (domain) registrations and SSL certificates that carry the name “COVID,” “Corona,” or “COVID-19.”

Phishing is primarily done for the hacker to locate and control your details like passwords, credentials, credit card information, and more. It could arrive as a malicious link click, malware download, or information feed of any kind through emails. As recipients are more likely to cede to their fears and perform any action stated in the emails to safeguard their health and safety, these cyber criminals have been thriving steadily for the last few weeks.


What could be treated as a phishing email?

Now that we know the intention behind these hackers, the next focus is to identify what could be potentially classified as phishing emails. At times like this, it’s likely that recipients will receive empathetic emails from brands that show care and support. But it’s also important to avoid certain emails that can unknowingly bring harm to you.

Here are some common email types that have been received by users worldwide and treated as phishing:

Impersonating government or international bodies

These emails mention the World Health Organization (WHO), Centers for Disease Control and Prevention (CDC), and so on, in the email content, subject line, or the sender address, while including malicious URLs that take you to random websites or attachments that can spoil your system when downloaded. 

Eg. WHO does not send email from addresses ending in ‘’ , ‘’ or ‘’.

COVID-19 email phishing and scam

Source – Proofpoint

Donations, financial or relief aids, and charitable trusts

Most scammers send these emails in order to collect money from you either through bank transactions or bitcoins. Additionally, they can also hack your banking accounts, retrieve personal data, and cause problems with future transactions. Some emails even offer fake tax refund eligibility for the donation that you may provide.

COVID-19 email phishing and scam

Source – Mimecast

Medicinal cures, face masks, and vaccines

Since many people are captured by the fear of the disease, scammers will prey upon this fear and project false goodwill in the form of health advice or a remedy to the disease through medicines and vaccines. Emails may specify purchasing these vaccines, home remedial cures, or even face masks—a way for the hackers to get your data and cheat you with wrong products or leave you empty-handed.

COVID-19 email phishing and scam

Phishing email promising a vaccine for COVID-19. (Source – Forbes)

Travel, entertainment, and logistics

With transportation, manufacturing, and many other industries stalled, scammers are sending emails with lucrative offers and coupons to redeem for entertainment or travel facilities—for example, a subscription to movie-hosting services or a false renewal for a travel ticket that was already canceled.

COVID-19 email phishing and scam

A sample WhatsApp message people were asked to send, after filling up a survey in the fake email sent regarding Netflix’s free subscription for the lockdown period. (Source – Economic Times)

Steps to avoid the risk of phishing and scams

While you can’t completely stop cyber attackers from sending phishing emails, there are some precautionary steps you can take before you respond to an email. Here’s a quick five-point checklist:


1. Verify the sender’s email address and name before you open and process the email. Additionally, look out for the brand/company logo to ensure credibility.

2. Don’t download the attachments before you read the email content fully. Also, in any case of suspect or misleading content, avoid any kind of email downloads.

3. Before clicking on the inline URLs or call-to-action buttons, hover your cursor over the link to see where it leads. There are many fake domains that may be interlinked but kept discreet with convincing inline URL text (for example, a link that reads “WHO” taking you to the scam website). So, copy and paste the URL embedded in the text instead of clicking.

4. Ensure the email content doesn’t have many spelling errors, grammatical mistakes, or faulty layouts. 

5. Don’t rush to provide your personal information when asked in any manner inside the email—form, survey, or fields. Think twice and validate your call before feeding your details for anything, from submission to transaction.

Legitimate sources of COVID-19 information 

Instead of giving in to scam emails, follow some authentic and credible sources of information like the WHO and CDC. You can also keep tabs on your preferred online news platforms, official/government-run news sources (online and offline), social channels, or e-magazines, to stay up to date.

You can also check the live dashboard from Zoho, which reflects COVID-19 statistics from countries across the world.

We hope you and your family stay safe, both from the virus as well as the cyber criminals and their email phishing activities.

Take care, and feel free to get in touch with us at for any assistance.

~ Zoho Campaigns Team


Leave a Reply

Your email address will not be published.

The comment language code.
By submitting this form, you agree to the processing of personal data according to our Privacy Policy.

Related Posts