How to avoid Covid-19 scams online

by Riversafe

Hackers Coronavirus

Online hackers target the vulnerable in order to steal their details or their cash. That’s why times of crisis often correspond to a rise in cybercrime and network infiltration.  That’s why it’s a great time to think about how best to avoid Covid-19 scams.

As businesses go digital and people’s reliance on technology for work and leisure rises, hackers have more chances to profit. This means it’s increasingly important for users to be aware of cyber-attacks and how to avoid them.

Already, people across the UK are experiencing malicious COVID-19 related fraud, reportedly amounting to a 400% increase in scams. From mass phishing links sent in the form of informative content to targeted attacks on crucial service industries, cybercriminals are doing all they can to dupe the public.

Here are the most prevalent coronavirus cyberattacks that you need to be aware of in order to keep your business and teams safe:

Emails and URLs

These scams were some of the most common even before coronavirus, using false emails, links, and websites as carriers of phishing, malware, smishing and more. They imitate reputable sources and sites in order to either grab your data or trick you into downloading malicious software.


World Health Organisation: False emails asking you to click and download a PDF of COVID-19 advice.

World Street Journal: Fraudulent site impersonating the Wall Street Journal giving false COVID-19 information to profit from advertising.


Simply, don’t download or click on any unsolicited material, even if it looks legitimate. Delete anything you’re unsure of and always double check URLs. Then contact the quoted company using a number or email address found somewhere other than the suspicious source. You can also report this activity to Action Fraud.

Mapping Apps

Everyone’s interested in tracking the spread of coronavirus and keeping up to date with the latest news. But be warned – there have been apps using reliable research sources as a false front that urge you to download them in order to scan your phone, infiltrate your private information with ransomware and even plant spyware.


Johns Hopkins University: Malicious spyware posing as an Android app that tracks the spread of the virus.

Sim&Co: Promised to provide information about symptoms and local people the disease had impacted in Wuhan to corrupt your phone.


Only trust the most reliable sources for coronavirus status updates. The majority of trustworthy sites will give this information out for free and won’t ask you to download anything.

Testing Kits and Cures

A shocking number of scammers are selling fake COVID-19 testing kits, cures and remedies either online, over the phone or even at your doorstep. This is a prime example of profiting from fear.


Drinkable silver: US televangelist claims silver can cure coronavirus and sales for this product have spiked.

Emails claiming to be doctors with an available cure asking you to provide details, pay or click a link.


There is no known cure or vaccine for coronavirus so any products claiming otherwise are a hoax. If you suspect you have the virus or want to get a test, contact the appropriate authorities for instructions.

Donation Sites

Plenty of charities have set up a way for people to donate to various coronavirus-related causes. But there are also many financial scam sites set-up to steal people’s money disguised in the same way.


Centres for Disease Control and Prevention: Emails asking for Bitcoin donations to fund research for a coronavirus vaccine.


Verify all emails, URLs, and texts before making any sort of financial donation. To make a contribution to coronavirus assistance and activity, go to the source site and donate from a trustworthy portal.

Customer Service Text Messages

Hackers are falsifying COVID-19 related test/SMS messages under reputable brand names, asking recipients to complete an action such as follow a link or log in to a site. These come in all shapes and sizes but commonly are used to take your details or cash, or to corrupt your device.


HMRC: Claiming to offer a tax repayment which you can apply for through a link.

City Council: Asking recipients to enter a site to receive their tax refund.

Government: Telling people they are violating their lockdown and a fine will be issued.


Legitimate companies would never ask you to conduct an important task or provide sensitive information in a text message. Don’t click on links or follow instructions unless the source is completely verified and confirmed to be accurate. Contact the quoted source using a separate website or number to confirm and report the fraud to Action Fraud.

Neighbourhood Assistance

Some con artists and scammers are using the support systems set up by local neighbourhoods to target the most vulnerable. People have reportedly impersonated authority figures or Good Samaritans in order to make a profit or gain access to your home for sinister purposes, such as burglary.


Charging the elderly to conduct medical tests or offering health services to enter their home.

• Scammers selling counterfeit medical or health equipment, such as masks, for raised prices.

• Con artists offering to shop for those self-isolating and taking the money, sometimes posing as NHS workers.


Always ask for identification if someone claims to be an official patron. Alternatively, if a neighbour that you don’t recognise approaches you, confirm their identity with someone you do know or only seek assistance through the official neighbourhood support group channels.

Organisational Network Attacks

Now that essential services are nearing capacity and focused elsewhere, hackers have more opportunities to infiltrate their digital defences. Cyber-attacks of this nature often halt activity and corrupt systems or steal data to disrupt the company’s much-needed services.


Brno University Hospital: A ransomware attack was instigated to exploit them for money.


Companies should ensure that remote workers are practicing safe cyber activity and their home-working devices have cybersecurity installed to protect the company’s data. Anti-malware and ransomware services provided by a reputable cybersecurity firm are also beneficial to have implemented for these emergency situations.

RELATED: Read more about how companies can support cybersecurity standards while working from home.

If you would like some more advice about how to improve your cybersecurity get in touch with a RiverSafe expert at +442036332577 or


By Riversafe

Experts in DevOps, Cyber Security and Data Operations