Skip to content

Combatting the Rising Threat of COVID-19 Email Scams

May 28, 2020

The coronavirus has impacted several countries across the world, forcing businesses to adapt to new ways of getting work done. For many businesses, this means supporting a suddenly remote workforce.

To best protect their employees in the face of coronavirus-related email scams, companies can deploy technology solutions that help detect and prevent common hacking techniques like phishing.

Cybercriminals have adapted to COVID-19

Unsurprisingly, cybercriminals have modified their phishing and social engineering techniques and are using the panic, fear, and curiosity surrounding the coronavirus pandemic to launch cyber attacks.

In March 2020, Security Magazine reported that Coronavirus-related spear phishing attacks increased 667% from a month prior. These phishing attacks included general scams, brand impersonation, and business email compromise.

Examples of COVID-19 cyber scams:
  • Selling fake coronavirus-related products or remedies
  • Solicitations to donate to victim funds in order to swindle victims’ money
  • Advice for unproven COVID-19 treatment with malicious email links or attachments to install ransomware or harvest a victim’s personal information or credentials
  • Fabricated notices or updates from health officials such as the Centers for Disease Control and Prevention (CDC), the Department of Health and Human Services (HHS), or local health departments and hospitals
  • Fake updates from company HR departments about policies and procedures related to COVID-19
  • Other fabricated workplace policy updates, such as when offices may reopen
  • Sham websites with COVID-19 tracing maps or counts of infected people that have malicious links
  • False information about coronavirus-related stimulus checks
  • Emails claiming to have information about a company’s US CARES Act and Paycheck Protection Program (PPP) loans or grants
  • Alerts about winning free groceries, free face masks, hand sanitizer, or other goods

If you are a victim of a phishing scam

Victims of phishing scams can file a complaint with the US Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3). 

Changing the password to accounts that may have been compromised in a phishing attack is one way to prevent further scams. These scams lure victims to enter account usernames and passwords into a credential harvesting fake website. Password manager software can also be used to manage strong and unique passwords across their business and personal user accounts. These tools reduce the burden of users having to remember multiple passwords while also informing them when their passwords have been compromised.

Learn more about remote work security from G2 Research experts  Join the discussion here →

Using multi-factor authentication (MFA) on important business and personal accounts can help better secure user accounts. The most common factor to prove a user’s identity is through knowledge challenges, such as supplying a username and password. But with the rise in password hacking, using only one factor of authentication often does not provide enough security.

According to a recently released G2 survey, fewer than one in four remote workers use multi-factor authentication tools to access business information which puts companies at risk for data breaches. 

Read more: Learn effective strategies for securing a remote workforce →

MFA is a way to prove that the user is indeed the person they say they are using multiple means. Often, MFA can be achieved with one-time passcodes sent to users via SMS, email, or voice calls. It can also be performed using software tokens on authenticator apps or hardware tokens that use physical security keys. Biometric authentication, using fingerprint, face print, or voice print validation is also gaining popularity with consumers.

Combatting COVID-19 scams by employee training

A relatively easy solution for businesses to combat coronavirus-related phishing attacks is to educate employees about the types of phishing attacks they may be presented with. Actions could include not clicking links, marking an email as spam or phishing, and informing the company security or IT teams. Regular security awareness training empowers employees to take the right actions when confronted with cyber threats. Security awareness training software generally offers online security coursework, simulated attacks, and assessment tools to train a workforce at scale.

Despite being a generally simple solution, another recent survey conducted by on the security of over 600 full-time remote workers found that 55% of remote employees had no security awareness training, which leaves many companies at risk for security breaches and data loss. 

G2 survey infographic: 55% of all remote workers have NO security awareness training

To protect employees at an individual level, especially to reduce blackmail related attacks, businesses can offer their workforce employee identity theft protection solutions. These solutions monitor an employee’s personal information--including sensitive information like usernames and passwords, social security numbers, insurance or medical information, phone numbers, and more--on dark websites used by cybercriminals. In the event of a personal breach, many employee identity theft protection solutions offer identity theft insurance along with credit restoration services.

Related: How to Authenticate Remote Workers in a Zero Trust Security Model

Protecting business emails

Even though many businesses use internal communications software to communicate with employees, email remains a popular external communication method and therefore, a primary attack vector for cybercriminals. 

In addition to providing staff security awareness training, companies can reduce the number of email scams and phishing attacks being sent to employees using software solutions. For example:

  • Email anti-spam software can prevent emails with malicious links and attachments from being delivered to employees in the first place. These tools scan emails for potential threats and then block suspicious emails from being delivered to the end recipient.
  • Cloud email security software can help prevent phishing scams by similarly blocking malicious emails and prevent data loss.

There are even more sophisticated email protection tools, such as intelligent email protection software, which helps companies prevent email-based attacks and data loss. Intelligent email protection software uses contextual machine learning to understand employee email usage and develop a baseline on which to assess cyber threats related to emails. These solutions filter both incoming and outgoing emails and block unauthorized emails from being sent or received. These tools are particularly useful in combating insider threat and social engineering-based attacks, where cybercriminals use sophisticated deception methods to trick users into giving up sensitive information.

The way forward

Scammers will take advantage of times of uncertainty such as the coronavirus pandemic to launch phishing scams and other cyber attacks. But with employee awareness and technological solutions in place, businesses can reduce the threat these scams pose to their employees, customers, and ultimately their business reputation.

Our analysts consider best practices for remote work across industries, and its  impact on the market.    Explore Now →

Don’t fall behind.

Subscribe to the latest software news & updates from the expert analysts at G2.

By submitting this form, you are agreeing to receive marketing communications from G2.