Be on the lookout for COVID-19-themed phishing messages. Cyber actors are mimicking the organizations providing COVID-19 health guidance, financial relief and stimulus, and charities including the CDC, WHO, and the US Treasury. Health-ISAC Threat Intelligence Committee (TIC) estimates there has been an increase of roughly 20-30% in overall phishing attacks as a result of the ongoing COVID-19 pandemic. Avoid clicking on links in unsolicited emails and be careful with email attachments. Report any malicious messages using the “Report Phish” button in Outlook. 

Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.

• Avoid clicking on links in unsolicited emails and be wary of email attachments.
• Use trusted sources like https://coronavirus.ucsf.edu/ for up-to-date, fact-based information about COVID-19.
• Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
• Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.

New scams and attacks are happening daily. For more, visit:

• The Internet is drowning in COVID-19-related malware and phishing scams – Ars Technica
• Defending Against COVID-19 Cyber Scams –Cybersecurity and Infrastructure Security Agency (CISA), US Dept. of Homeland Security
• Sipping from the Coronavirus Domain Firehose – Krebs on Security