Vladislav Podolyako
Reading duration
Sand via email
Save in Pocket
Save in Flipboard
Send in Messenger
Send in Messenger
Send in Whatsapp

Becoming homebound, taking care of your elderly family members, maintaining a strict sanitizing routine, securing a future for your business…thanks to the COVID-19 outbreak, you have a lot on your plate. The panic and uncertainty don’t make things easier either. Wouldn’t it be nice for something to remain unchanged, despite the quarantine and the pandemic?

Good news, there is something that will never change.

Bad news?

It’s phishing. 

Fear-mongering is a common practice among phishers, so they’ll never miss a chance to contribute to the overall nervousness and anxiety for their own good. When businesses are concerned about their survival, they quickly seize the opportunity to slither into users’ mailboxes to plant their unwelcome messages paired with a malware link or two. 

This has been happening for weeks - from attacking businesses with phishing lures to sending malicious documents, phishers are relentless in their attempts to prey on people’s vulnerability and stress.   

This is obviously infuriating. But, as you know, there is no point in asking scammers to remember about common decency for a change. 

Instead, it’s up to you to take care of personal hygiene and the hygiene of your mailbox. Another addition to your already huge to-do list but worry not! We’re here for you, to show you the new types of phishing emails that abuse the subject of coronavirus and can potentially endanger your inbox. 

So, let’s check them out!  

Workplace policy emails 

This type of scam email is particularly dangerous to your business. It is sent to your employees under the false pretense of safety precautions, supposedly to inform them about changes to the workplace policy with a link to download the updated document straight away. It is highly likely that your employees will automatically and unknowingly download malware and expose your important data to phishers.

How to make sure this doesn’t happen?

Your only way to protect your teams from these messages is to educate them on the potential risks they pose. Let them know how to distinguish real, corporate emails from phishing scams. Point out the red flags – for example, a fake workplace policy email targets each employee individually, while many directors and heads of department prefer to add many recipients at once.

Remind them to check the sender’s address carefully. If it doesn’t look familiar or comes from the company’s domain, then it would be safer to send it to the spam folder and warn the rest of the team immediately. 

Health advice 

Who would refuse a health tip these days? A tip from a medic in Wuhan, no less! At least, this is what the email claims to be. It starts with a relevant subject line, such as “This safety measure will save you from coronavirus/Read those guidelines from Wuhan to protect yourself/Medical advice from Wuhan experts.” When you open the email, you will likely find a meaningless body text and a link.

“Follow the link to download the latest Safety Measures.” Yeah, sure. The link won’t get you a safety manual, only dangerous malware designed to steal your business/personal data or compromise your outreach.

How to make sure this doesn’t happen?

While people are showing support and comradery these days, strangers won’t be sending you health tips and downloadable content out of generosity. Remember that. Trust only the people you know and the medical portals you’re subscribed to. All the rest can take their advice elsewhere.

CDC emails

US-based companies are particularly familiar with those. Pretending to be sent directly from the CDC (Center for Disease Control), they’re designed to ‘warn’ you about the cases of coronavirus in your area. They urge you to look at the full list of cases by (you guessed it!) clicking a link that looks almost as if it was sent by the CDC themselves.  Phishers will often sprinkle in the words like “safety hazard”, “deadly”, “lethal” to intimidate you and make you click without doing a double-take.

How to make sure this doesn’t happen?

First of all, look at the address. Is it Or is it If it’s the latter, dump that email into a spam folder ASAP! The CDC uses exclusively to send their emails. Anything other than that is coming directly from scammers trying to mimic CDC as closely as possible and hoping that you’ll be intimidated by the scary subject line and click the link without hesitation.

Mobile malware

Mobile gadgets have always been an integral part of our work and leisure but right now their popularity has surged. No wonder that phishers have doubled their efforts in order to break into your smartphone and gain access to your personal and work-related data. They may try to lure you in by promising helpful apps and then locking your phone.

How to make sure this doesn’t happen?

Block any “developer” who tries to add you on WhatsApp, Skype or any messenger to offer you a demo or a quick install. Don’t follow any links that you receive via email, especially if the email is titled “This app will SAVE YOUR LIFE.” Look up the name of the app on credible platforms and google each of them to see what people have to say about their quality. Also, be careful with online maps that track reported coronavirus cases.

How to stay prepared for new cyber threats?

There is no doubt that we will be seeing a lot more scams soon. From people who try to use the subject of coronavirus as a way to make a profit by pushing products or services that do little besides taking away your money and belief in humanity to outright stealing your business data and holding it hostage/selling it as their own/infecting your computers, phishers will keep trying to break in, a scheme by the scheme. 

Scam triggers

Well, it’s nothing new. Therefore, it’s controllable. Similarly to COVID-19, you have to stay alert, fact-check and follow basic rules and guidelines.

Never trust any emails that don’t refer to you by name. If someone wants to reach out to you, they will most likely do basic research and create a template. If the message starts with “Dear Sir/Madam”, it means that your email address is a part of a randomly generated list. 

Delete emails that ask your personal information. Health experts, the CDC, and your boss don’t need your full name and your last name, your credit card number and other data – and they certainly won’t be asking you to fill out an online form on a suspicious website for “security concerns.” 

Treat poor grammar and urgency as red flags. Professionals won’t be bullying you into complying. They won’t fear-monger to make sure you click the link.  Extreme urgency is used only by cybercriminals who know that they have only one chance to trick a user, so they will be pushing all the emotional buttons available. 

Protect your network

This is another important factor in staying safe from coronavirus phishing scams. While many work teams protected themselves from contracting/spreading the disease by working from home, they left themselves exposed to other types of viruses.  We’ll elaborate some more on creating a safe and productive workspace during your quarantine in our upcoming posts. Currently, we’d like to outline the following rules on remaining vigilant and not letting cybercriminals ruin your experience and endanger your employees: 

Take care of your home Wi-Fi network since it offers fewer security measures than the network in your office. 

Make sure to invest in good, professional anti-malware – and see that your employees have it installed on their computers as well. 

Develop safety guidelines and share them with your teams to make sure they’ll be able to tell the difference between real emails and scams. 

Do routine check-ups on your employees, organize weekly virtual meetings to discuss concerns and ideas. Investigate every possible case of coronavirus phishing instead of brushing it off – it is wise to be careful and protect yourself against risk rather than be careless. Make sure to only use the tools and platforms that you trust. 

Protect your mobile gadgets. Don’t download any apps or programs for coronavirus monitoring – avoid using online maps. Stick to official sources such as WHO, CDC and National Institute of Health – they provide the latest information and updates without requiring you to download anything. 

Contribute to the cause. In our article about Gmail spam filters, we explored how it uses user experience to adapt to new cyberthreats. Be a part of that experience by flagging all suspicious emails and moving them to the spam folder. Adjust filter features to respond to phrases and words used by phishers. Share your encounters with your teams and colleagues. Building awareness and not staying silent will help everyone in the long run. 

We hope these tips will help you stay vigilant, see phishers through all their tricks and keep your business data safe

In case you’re currently working from home and want to make the most out of your stay, the post with tips on maintaining productivity while staying homebound is currently in progress. To make sure you don’t miss an update, you can become our subscriber and read all our new posts as soon as they’re published! 

We wish you the best of luck and 0% of suspicious emails in your inbox.

Vladislav Podolyako

Co-founder and CEO of Belkins and Folderly
Vlad’s decades of entrepreneurial wisdom and business building experience have allowed him to successfully mentor a diverse group of business owners, entrepreneurs in growing their companies. A recognized expert in the areas of transforming organizational culture and leadership development, B2B Sales, Marketing, spent more than 10 years building technology products, with a background in communication networks and electronic device engineering.