Coronavirus Phishing Scams

Five Tips to Prevent Coronavirus Phishing Scams
Cyber Security
Online identity
Written by: Karl Peterson, SVP, Chief Information Security Officer
Secure lock overlays person typing on laptop keyboard

The novel coronavirus (COVID-19) has created a ripe opportunity for cybercriminals to use devious phishing tactics to take advantage of people interested in information about the virus. Unfortunately, opportunistic criminals are tailoring messages and building websites that appear to be from legitimate sources. Of greatest concern are coronavirus-related phishing attempts.

Phishing typically involves impersonating a trusted entity, using text messages, emails and other tactics to acquire sensitive information such as usernames, passwords and credit card details. Thieves often send messages that link to a website that spoofs—or mimics—a legitimate website. The goal is to get trusting individuals to enter their personal information or click on links that automatically, and secretly, install malicious software on their computer or mobile device.

Recent reports of phishing scams include:

  • Emails claiming to be from government agencies such as the Centers for Disease Control and Prevention (CDC), the World Health Organization (WHO) or the National Institutes of Health (NIH).

  • Emails containing malicious links or attachments that claim to contain safety measures, tips and information. 

How to Protect Yourself:

  • Be wary of urgent and unsolicited texts and emails. Even when they look legitimate, email addresses and website domains and names can be spoofed to appear authentic.

  • Verify the sender’s legitimacy by looking closely at the details. Never open attachments or click on links without first verifying their authenticity. If you’re unsure, reach out to the sender using published contact information.

  • Avoid clicking on links in emails or on social media sites. Instead, manually type the web address (URL) for the organization or business website referenced, such as the CDC or WHO.

  • If you run a business, remind your employees to be cautious and follow the recommendations above. Having a well-informed front line of defense is key to protecting your business.

  • Keep security up to date. Make a routine practice of installing the latest software patches and updates.

To learn more about recognizing and avoiding phishing scams, visit the Federal Trade Commission at:

If you think your financial or personal information has been compromised, take immediate action, including contacting your banker, and reporting the situation to:

At Banner, we are always diligent about ensuring the safety and security of our systems and the personal information of our clients. Rest assured we will never call, text or email you directing you to change your PIN on the spot and will never request your personal information. As your bank, we already have your key details on file.

Remember, vigilance is always your best practice, regardless of what’s happening in the world.