10 Coronavirus Scams to watch out for!

Updated: Aug 4

As organisations and individuals around Ireland work on slowing the spread of the coronavirus by limiting where people can go, cybercriminals are already posed, prepped and eager to target unsuspecting and stressed-out victims.


Cybercriminals are well aware of the potential profit to be had preying on the fear and panic caused by COVID-19, they prey on vulnerable people as they seek out information and data to maximise revenue. These hackers are instead spreading malware through mobile phone apps and websites and threatening users with ransomware, which use malware as leverage for monetary payments.

Here are some measures you can take to avoid falling for their scams.

  • Look closely at email sender addresses

  • Don’t click on links in emails – navigate to the site yourself

  • If someone wants you to call a number in an email, look up the number yourself on the company’s website

  • Be cautious opening attachments from people you don’t know

  • Be suspicious if the message has a sense of urgency

  • The sender or caller is asking you to give personal information, a credit card, or a money transfer – be suspicious of all of those and call to verify

In the past, cybercriminals have taken advantage of major global events, such as natural disasters, in similar ways, defrauding charities and impersonating legitimate health organisations like the Red Cross. In times of crisis, it is, therefore, even more essential to be prudent and adhere to best practices to combat common social engineering techniques.

The reality is no matter what specific examples of online scams you look at today, by tomorrow those will change.

Here are the top 10 coronavirus online scams to watch out for.

1. Statistics Maps

One of the earliest scams was an Android app, claiming to display a map of coronavirus cases and provide statistics of the spread of the disease, the application was ransomware built for mobile phones, it would change the phone password so that a user could not access their phone. It charged a fee to unlock the phone or reset the password back to what it was before.

2. Malware

Another scam currently being used is a delivery of malware via coronavirus updates from recognisable companies. I'm sure you've all seen emails come from companies that we do business with talking about how these organisations are dealing with this pandemic, emails that claim to be from a company and state that their attachment contains their statement about the coronavirus and its implications, unfortunately the attachment has malicious code so be aware!

The most common scams have used COVID-19 related lures to entice victims into interacting with malicious documents or URLs and will continue as the pandemic develops.

Users should be wary of unsolicited emails that contain supposed links to infection maps or safety bulletins, solicit charitable donations or claim to be from authoritative organisations like the HSE or WHO. These can be used to steal personal and financial data, spread misinformation and install malware.

Phishing emails, text messages and spoofed sites, designed to look like official communications, can easily trick a nervous user to click a link they otherwise would avoid.

3. Cures for Coronavirus

Fake websites that claim to offer information or treatments for coronavirus are another significant threat. The security industry has already uncovered one case in which hackers are using an interactive map of coronavirus infections to trick people into landing on a malicious website that claims to sell “infection kits”.

4. Medical Information

Consumers need to stick to the official HSE and WHO data sites for medical information or information about COVID-19.

The top risk to consumers and businesses is definitely from phishing scams that will try to impersonate the HSE, WHO and other agencies. By impersonating those agencies, as well as insurance companies and other organisations that are in some way affiliated with COVID-19, they will try to infect you with malware, hijack your online credentials and steal your money.

When it comes to financial theft, they will either do this directly, by trying to trick you into wiring funds to avoid insurance cancellation or to get an urgent shipment of badly needed items, or they will steal your card number and use it fraudulently.

5. Text Messages

More criminals will turn to text messages to carry out their phishing campaigns in what is known as ‘smishing’, we can expect to see more of these scams in the coming weeks and months as criminals will very likely use this platform to trick people into clicking a link, calling a phone number or installing an app. Any one of these will lead to information theft or financial fraud. They will use a variety of pretexts, including local warnings about infections or quarantine notices of pending health insurance cancellation or travel insurance claim denial.

6. Financial Issues

Another attack that criminals may use may capitalise on the financial difficulties everyone is currently experiencing as well. With the current state of the stock market, people may be more susceptible to open malicious attachments if they come from an organisation that they do business with.

7. Donations to Non-Profits

There are the techniques that appeal to your charitable side. In times of trouble, there is typically a rise in the number of scams requesting donations to help the needy.

It's wise to be very suspicious of these invitations for charitable donations, and if it is not coming from a source that you have previously done business with and recognised, it's wise to avoid these unrequested solicitations.

8. Tax Payments

Expect to see coronavirus phishing email attempts using the revenue label to steal your identity and/or banking information. A good example is revenue TAX back. The revenue has issued guidance on these types of scams.

There is a lot of effort being exerted by cybercriminals across the globe to maximise revenue using the coronavirus to commit crime. Individuals and organisations should exert extra vigilance and try to avoid opening emails, websites or answering calls that come from those pretending to be official authorities. Information should be accessed using well known, official websites, such as https://revenue.ie

9. Working Remotely

COVID-19 is forcing many businesses to consider how they can swiftly enable a remote workforce and do so in a safe and responsible manner. Workers remaining at home or possibly stuck in a remote location are going to be heavily dependent on their mobile devices.

Mobile attacks are particularly effective because they often trigger immediate responses from recipients — instant communication platforms such as SMS, iMessage, WhatsApp, WeChat and others.

Organisations should make sure that their employees devices are not running outdated and vulnerable operating systems or applications and that unauthorised software is not installed, as these can put the security of the device and corporate data at risk.

Companies are not prepared to have so many employees work from home. These employees are going to be at a higher risk of getting hacked and scammed because they are outside of the office and the company’s firewall.

Home WIFI networks are typically insecure with weak password protection and vulnerabilities in the devices themselves.

People will also be connecting to their offices via remote desktop tools, which can be hacked or hijacked. In fact, there are many places on the Dark Web that sell stolen remote desktop credentials. When people are away from the office, they are more susceptible to business email compromise and other social engineering attacks.

The hacker pretends to be the company’s CEO or another employee and tricks the person into conducting a money transfer or sharing online credentials.

One thing that we can be certain of is that that we are going to see data breaches and wire transfer fraud as a result of this outbreak.

A very common type of attack is a phishing-style cyberattack where an attacker sends an email to a remote workforce while pretending to be their IT manager. The email will typically ask employees to sign in to an online portal using their credentials to ensure they still have access to a business-critical resource.

Attackers will capture those credentials and then can move throughout an organisation until they capture the data or access they desire.

Another type of cyberattack that has become more frequent in recent weeks is a social engineering cyber attack. This is where an attacker, masquerading as a frustrated remote employee who cannot access business-critical systems, will contact an IT administrator or help desk technician and request access to sensitive data, infrastructure or assets.

10. Hospitality and Travel-Related Issues

Many people are inundated by emails from hotels, restaurants, travel providers and airlines giving input on the measures that they are taking to combat the virus.

Our appetite for information is vast and cybercriminals know this so there may be attachments or links offering further details or information and encouraging us to click before we think The hospitality industry is especially vulnerable at this time and very few communications with such links or attachments will be anything other than scams and they should be avoided.

Hopefully your spidey senses are more heightened and you can protect yourself and your company from these criminals.

If you would like to discuss our Cybersecurity bundle for businesses please get in touch with info@tusa.ie to find out how we can help you.


Contact Us

"Drop us a note and one of our team will reach out"

© 2020 by TUSA IT

 Address. Unit 17 Castlemartin Green,  Bettystown,  Co Meath 

Tel: +353 1 566 6673