9 Coronavirus Scams
Every Business Should
Watch Out For

Posted on December 22, 2020

Cyberattacks in 2020 are at an all-time high; an increase largely attributed to the coronavirus pandemic.


INTERPOL reports that hackers have targeted not only individuals but businesses of all sizes, recently shifting toward major corporations and governments.  


The widespread shift to remote work has empowered cybercriminals to steal sensitive information from isolated employees. Between January and April of 2020, one of INTERPOL’s private sector partners found 907,000 spam messages, 737 malware incidents and 48,000 malicious URLs related to COVID-19. Further increases in coronavirus-related cybercrime are expected to occur.


What coronavirus scams should you be concerned about? Today we’ll review the most common COVID scams and how you can protect yourself.


What Are Coronavirus Scams?


Like many cybersecurity hacking tactics, coronavirus scams capitalize on misinformation and uncertainty. Hackers are using COVID-19 concerns to lure people into downloading malware and ransomware, jeopardizing both business data and system security.


Is My Business at Risk for COVID Scams?


In a word, yes. Hackers are adept at launching sophisticated COVID fraud schemes to exploit fears surrounding unstable economic and social situations. Additionally, weak system security measures covering remote workers have increased penetration dangers. 


If your network or processes have weaknesses you haven’t addressed, you could be a target for COVID-related cybercrime.

9 Coronavirus Scams to Watch Out For

COVID fraud includes the following scams.


1. Coronavirus Phishing Scams


COVID-19 themed phishing emails lure victims into providing sensitive personal data. If an employee falls for a phishing scam on an unsecured company-owned or BYOD device, your network could be in danger. 


Common coronavirus phishing scams include:

  • Emails offering phony COVID-related health advice

  • Emails from the “CDC” that link to updated coronavirus cases in your area

  • Emails from “Human Resources” including links to revised employee health policies


2. Coronavirus Stimulus Payment Scams


By December 10, 2020, the Federal Trade Commission (FTC) had logged more than 269,000 consumer complaints related to COVID-19 and stimulus payments. Two-thirds of these complaints involved identity theft or COVID fraud.


Hackers have contacted consumers via email and phone calls, asking them to provide personal information or sign over their stimulus checks. Scammers are also contacting small businesses, falsely promising them federal disaster relief loans.


3. COVID-19 Malware


Hackers infiltrate systems and compromised networks using COVID-19 related information to steal data and divert money. According to McAfee, the use of COVID-19 malware began to rise in January 2020. Malware attacks have included spear phishing, banking credential theft, keystroke recording and network monitoring.


Healthcare and critical infrastructure institutions are also targeted with malicious downloads in hopes of financial benefit.


4. COVID-19 Ransomware


The COVID-19 pandemic has sparked a 72% increase in ransomware growth, with 20,000+ new vulnerability reports predicted by the end of 2020.

According to KPMG, remote working significantly increases the risk of ransomware attacks. Weaker IT controls at home and an increased likelihood of users clicking on coronavirus-themed ransomware emails contributes to this risk. 


Current ransomware lures include:

  • Information about hand sanitizer, masks, and vaccines

  • Free downloads for technology solutions such as video and audio conferencing applications

  • Financial scams offering government assistance for those affected during the economic shutdown


5. Malicious Domains


Exploiting the increased demand for medical supplies and information on COVID-19, hackers have registered domain names containing keywords like “COVID” or “coronavirus.” Malicious websites are springboards for phishing and malware activities. 


6. Misinformation


The damage caused by “fake news” is quite real. Coronavirus misinformation campaigns and conspiracy theories attract attention, often convincing the public to fall for phishing scams and malware downloads.


7. Contact Tracing Scams


Contract tracers do lawful jobs, working for state health departments in tracking coronavirus infection origins between people. Scammers portray themselves as contact tracers to steal money, your identity or both. 


Legitimate contract tracers will only send you emails or texts saying they will be calling you. They will never ask for money, Social Security numbers or credit card numbers. If you receive texts or emails from an alleged contact tracer, do not download anything or click any links. 


If you’re in doubt about the authenticity of a contract tracing attempt, contact your state health department to verify it. 


8. Coronavirus Cures and Test Kit Scams


Remember the adage: if it’s too good to be true, it probably is. Hackers have turned this on its ear by impersonating known government and healthcare agencies, tricking even the most sophisticated consumers. 


If you receive offers for COVID test kits, miracle cures, treatments or vaccinations, you should ignore them. Most have not been approved or even reviewed by the FDA, so you should regard them cautiously. 


9. “Government” Contacts


Be wary of emails, texts or calls claiming to be from any of the following offering COVID-19 related payments:

  • World Health Organization (WHO)

  • Centers for Disease Control (CDC)

  • The United States Treasury Department

  • Social Security Administration

  • Internal Revenue Service (IRS)


Scammers often impersonate government agencies to offer people payments in exchange for personal financial information. Check with sites such as coronavirus.gov and usa.gov/coronavirus if you suspect a coronavirus scam attempt has targeted you.


How to Secure Your Business From Coronavirus Scams 


Are you feeling vulnerable to COVID-19 scams or hacks in general? Taking a proactive stance is a good way to protect your business.


1. Create a Cybersecurity Checklist


Data breaches and cyberattacks can happen to any company at any time. Implementing a cybersecurity checklist is the first step in securing your digital assets and protecting yourself from COVID scam attempts.


2. Maintain a Proper Patch Management Process


Patch management keeps your software updated, ensuring that critical security features are up and running. A proper patch management process is an effective way of thwarting hackers while stabilizing your IT environment and keeping it safe.


3. Execute a Backup and Recovery Plan


If (or when) you’re the victim of a scam or hack, will your data be safe and recoverable? Creating and executing reliable backup and recovery strategies protects your assets and gives you peace of mind. 


4. Implement an Incident Response Team


Once you’ve created an action plan, you need a team to activate that plan. An incident response team takes action to mitigate risk in the event of a cybersecurity attack. Establishing roles and procedures helps alleviate confusion in an emergency.


Protect Yourself Against Coronavirus Scams With SugarShot


The threat of COVID-19 scams is cause for concern, especially if you’re not prepared. 


Outsourcing your cybersecurity is a great place to start. SugarShot has the right blend of certifications, skills, availability and integrity to support your security needs in efficient and economical ways. 


SugarShot specializes in:



If you’re worried about security threats of any kind and aren’t sure what to do, we’ve got you covered. Contact us today to find out how we can help!

Competitively priced. Award winning support. Get a quote.
This form collects your details to add you to our monthly newsletter list. We treat your data with the utmost security and will never sell it to third parties. Read our privacy policy for more.