Protect yourself from COVID-19 phishing scams

Check out our tips on common scams and how you can work to avoid them

How to spot a phishing email

We know that COVID-19 fraudsters are trying to get you to click on links, open attachments or reply with personal information. So, if you get an email asking you to do any of these things, don't automatically trust it.

Check the spelling: Read through the email to make sure that the spelling is accurate. Most companies and government agencies have editorial teams who carefully write all emails, so spelling mistakes are a tip off that the email you're reading might be fraudulent.

Are they pressuring you? Is the email putting pressure on you to click a link or open an attachment? Does the email say that it's urgent that you do this right away? That's a red flag. They're trying to get you to act out of fear rather than taking the time to examine whether the email is legitimate or not.

Stay clear of unknown senders: Another tip off is if you don't recognize who the email is coming from. Check the ‘From’ field in the email to make sure who the sender is. In phishing attacks, this ‘From’ address will often be disguised (or spoofed). Never open attachments or click on hyperlinks in emails sent by unknown senders, regardless of whether they are business or personal emails.

How to protect yourself

If you get an email that seems suspicious, make sure that you follow all the steps above. Only open links that you can guarantee came from a trusted sender. Have you followed all the steps above and you're still not sure if it's a trusted sender? Don't forward it on to friends or family members for their advice since they could also be scammed. Instead, report the email as a phishing scam to your email service provider.

If you get an email asking you to log into an account, you don't have to click the link in the email. You're better off using a web browser to go to the company's website and logging into your account there. That will ensure that you are on the company's webpage and not a site spoofed to look like it.

You can also protect yourself by installing anti-spam, anti-spyware, and anti-virus software on your computer. If you accidentally click on a link, these programs will help get rid of the virus when you run a scan.

While phishing attacks primarily come through emails, you should be aware that some also come via text messages. For that reason, it's a good rule to never click links in text messages from people you don't know.

If you get attacked

Even the most vigilant sometimes fall for phishing attacks. If you click on a suspicious link, install anti-virus, anti-spam, and anti-spyware software immediately or run a scan on your computer with the protective software you already have.

If you gave someone your credit card or account information via email or after clicking a suspicious link let your bank know and change your password immediately. Monitor your cards and accounts for fraudulent activity and report anything you find.

It's unfortunate that there are people are exploiting the COVID-19 crisis to take advantage of others, but by being careful and prepared you'll be able to stop them in their tracks and keep your information and accounts secure.