Article by
Gildas Jones

In Feb 2020, the National Fraud Intelligence Bureau identified 21 reports of fraud where Coronavirus was mentioned, with victim losses of over £800k. That number increased by 400% in March. Beware of emails claiming to be from research organisation’s affiliated with the CDC and WHO.

3/30/2020

How to recognize a dangerous email?

How to recognize a dangerous email?

In Feb 2020, the National Fraud Intelligence Bureau identified 21 reports of fraud where Coronavirus was mentioned, with victim losses of over £800k. That number increased by 400% in March. Beware of emails claiming to be from research organisation’s affiliated with the CDC and WHO. 

Of the 105 reports, many were made by victims that attempted to purchase protective face masks and hand sanitizer from fraudulent sellers.

Fraudsters purporting to be from a research group that mimic CDC or WHO claim to be able to provide the recipient with a list of coronavirus infected people in their area. In order to access this information, the victim needs to click on a link, which leads to a malicious website, or is asked to make a payment in Bitcoin.

Some emails offer daily updates on the virus outbreak if the victim clicks on the fraudulent sign up link.

Fraudsters send investment scheme and trading advice, or claim to be from HMRC offering a tax refund and directing victims to a fake website to harvest their personal and financial details.

Reporting numbers are expected to rise as the virus continues to spread across the world.

Watch out for scam messages:

Don’t click on the links or attachments in suspicious emails, and never respond to unsolicited messages and calls that ask for your personal or financial details.

How to spot a dangerous email?

Public Domain

Always check the sender’s email address. If the email you received is sent from a public domain for example “@gmail.com” and you are not expecting to receive it, you should be highly cautious. With the exception of some small independent businesses, no company will contact you from a public domain. 

The message makes you panic

Phishing emails tend to be designed to make you panic so you don’t have time to think twice about giving away vital information. For example you may receive an email saying you have been hacked and you need to verify your details by following a link.  

Email address doesn’t look legitimate

It is common for scammers to try and trick unsuspecting users by including the name of a legitimate company within the structure of an email in order to appear legitimate. These emails may look legitimate at first glance but if you keep an eye out, they can be easily spotted. A good example of such an address could be “email.paypal.com” pretending to be “paypal.com”. We’ll say it again, always check the sender’s email address.

Attachments are executable

Attachments you’d receive via emails from your contacts are generally documents or images with the corresponding “.doc”, “.pdf “, “.csv”, ”jpg”  or “.png” extensions. Scammers however usually will attach executable files ( in order to run a malicious program on your machine). These are typically “.exe”, “.com”, “.scr” or a double extension like “.doc.exe.”

Email is generic and non-personal

If the email is generic and non-personal or somewhat personal but from someone you don’t know (excluding autoptic emails such as newsletters), delete it and assume it is SPAM.

Email requires you to share sensitive information

If the email you receive asks you to follow a link to a webpage that asks you to enter your username and password, your personal information, or any other sensitive information, make sure you double-check the email address and website domain. Does it have a SSL certificate confirming it’s legitimate (the web address would start with “https” rather than just “http”)? No vendor whose services you’re currently using would ever ask you to confirm such information online.

Change in terms of payment

If you receive an email asking you to change anything in the way you pay your supplier (especially if it’s bank details), you should verify that request over the phone – yes, it’s that simple and may save you losing a lot of money.

Further tips

Bitcoin:

Due to GDPR it is not legal to share people’s sensitive information (such as names and medical records). Approximately one-quarter of bitcoin users are involved in illegal activity. If you receive an offer of having personal information shared with you (or an offer of anything that doesn’t sound 100% legal) in exchange for Bitcoin, don’t risk it. It is nearly 100% sure a scam (or involves illegal activity). 

Shopping online:

If you’re making a purchase from a company or person you don’t know and trust, carry out some research first. If you decide to go ahead with the purchase, use a credit card if you have one, as most major credit card providers insure online purchases.

Protect your devices from latest threats:

Always install the latest software and app updates. Make sure you have a good antivirus and antimalware protection on your device. We recommend ESET Antivirus.