As concern around the Coronavirus has grown, unfortunately scammers have targeted mailboxes to see if anyone would fall for their usual tricks, using Covid-19 to lure people in. We know that these types of emails are not always easy to spot, so we have identified a number of examples and wanted to share these to raise awareness, in case you become a recipient of these malicious campaigns.
Action Fraud have issued warnings about fake text messages and emails offering the Coronavirus vaccine in an attempt to steal personal and financial information. If you receive a message claiming to be from the NHS asking you to apply for the COVID vaccine by providing your details, this is a scam. Always check the official NHS website for the latest information about the vaccination.
Examples of malicious Covid-19 emails
Here are some examples of real scam emails, so you know the kinds of things to look out for.
World Health Organisation
At first glance, this email looks like it's been sent from a medical specialist, with an informative attachment providing safety tips. However, if you look closer, you can see that there are a number of red flags, such as poor grammar, the suspicious email address it's been sent from, and the attachment it's telling you to download.
This looks like a genuine, official email from the government advising on a tax rebate. However, you can see that some details don't add up here: the hyperlink, poor grammar and strange content, as well as the lack of recipient address and the suspect sender name. This is a well-documented scam; you can read more on the Your Money website.
This email uses a deliberate subject title to draw you in. At first it appears to be a free health-checker which, in the current circumstances, you may be drawn to open. On closer inspection, the suspicious hyperlinks in the document and the poor grammar should make you question whether the email is genuine, and in this case, it's not.
We take your security very seriously, so if you've received an email pretending to be from TalkTalk or another business, please let us know. Our security team will look into this, block it and help prevent customers falling foul of criminals.
Stick to the following tips to ensure that you don't get caught out:
Look out for poor grammar or spelling mistakes
Never click on the links or open any attachments from emails you are not expecting
Check the sender – does it look legitimate?
Don't forward the emails to anyone. Instead, use the reporting button if you have that option on your email platform, or report email@example.com
Are you being asked to verify your bank details? Be wary of this
Does it use your full name? Phishing emails usually use terms like 'Dear Customer' as they don’t have your personal details.
Does it use an attention-grabbing subject header? Look for phrases like "you've won!", "forward this to everyone you know!" or "this is NOT a hoax!"
How to report a Phishing email
It's really easy to let us know about Phishing emails. Just forward the email to firstname.lastname@example.org. Our security team will then check through these and block them on our network where appropriate. You'll get an email response acknowledging that they have received it and telling you if anything further is required.
I work in the Information Security department as a Senior Security Risk Specialist. My role is wide-ranging and therefore allows me to get involved in different parts of the business. This includes working with our customer-facing teams to understand the latest threats and then designing articles or communication plans to ensure that our customers don't fall for the tricks hackers are using.