Skip to main content

Home Sense

Could You Spot These Coronavirus Cyber Scams?

Editor's note: This article originally appeared on The PhishLabs Blog.

By this time, most everyone in the world has heard about COVID-19, a global outbreak that is commonly referred to as the coronavirus. With growing fear and a lack of information, the stock markets have dropped to lows we haven’t seen in years, and organizations everywhere are putting together contingency plans. Like most global events, this scenario creates a perfect opportunity for threat actors to abuse the situation.

Why? Because:

  1. The pandemic has people in a state of fear and irrationality;
  2. The event is recognized worldwide, which means anyone with internet connectivity is a potential target;
  3. End-users are hungry for updates from their company, the media, or third parties regarding the coronavirus, thus adding a sense of legitimacy to the messages sent by threat actors.

PhishLabs has observed multiple threat campaigns using coronavirus to lure victims. The two examples below illustrate common ways threat actors are exploiting it.

Example 1:

Example of Coronascam email
Can you spot what's not right with this scam email attempt? Keep reading to find out.

Our first example shows a lure that targets the general population by abusing the CDC name.

Visually, the link appears to go to a CDC site; however, mousing over it shows what the sender’s true intention is.

The site goes to hXXps://www.farahii{dot}com/corona/owa.php, which is a compromised ecommerce site. The phishing site has since been mitigated. The sender email address also came from nationalhealthcenter@gravitt{dot}net, which is an email address created from a compromised domain of someone associated with churches in Ohio.

Beyond WHO, the CDC is considered one of the primary sources of current information associated with the pandemic, which makes this lure highly concerning. In the lure, the threat actor has posted a link which they claim has an updated list of coronavirus cases in areas around your city. With a pandemic that spreads as quickly as this one has, most people are going to be curious and want to know just how bad it is in their surrounding area.

Example 2:

Coronascam example 2
What's wrong with this email? Keep reading to find out what tactics this scammer uses to get you to click.

As the outbreak grows, we have seen multiple attacks using the threat of the coronavirus in an attempt to get end-users to click on a URL or respond back to the threat actor directly. As you can see in the example above, this lure is posing itself as an absence census (loose translation) in the midst of the coronavirus. This could be an effective lure on a couple of different levels.

The first is that it isn’t something that would necessarily surprise an employee to receive right now. With coronavirus being highly contagious and not preventable, many employees are planning on working from home until we have more information about how dangerous it is and have vaccines to protect us. In addition to this, many people may let curiosity get the best of them and click the link to find out if anyone in their organization has the coronavirus. Top this all off with the fact that this attack is using a legitimate Microsoft program (Office Forms) and you can see how an unsuspecting victim could think this was a legitimate message.

The link in question led to the following URL:


And the sender was maccount@microsoft{dot}com.

Here, the threat actor is using actual Microsoft programs for the entire attack. In place of a phishing site, Office forms are used to host the content, which then sends out an email that uses a legitimate Microsoft email to appear as the sender.

One thing to point out about both of these lures – neither of them is beautifully crafted to imitate a government agency or any specific company. However, that is the beauty of using a worldwide pandemic as your lure, it doesn’t have to be. The inherent fear and urgency associated with coronavirus in everyday life are all that is necessary, and threat actors are aware of this and ready to take advantage. If the virus continues to spread, it’s important to keep this in mind and expect to see an increased number of emails around this topic. If things keep trending the way they are, fear and panic will continue to grow, and as fear grows threat actors are always ready to jump on a malevolent opportunity.


Take a minute to think through what you’d need to do if someone stole your identity. You might need to contact credit bureaus, your bank or even the Social Security office or DMV. Maybe you’d have to take time off work to get it all done.

If someone steals your identity, it takes time – and money – to straighten things out. That’s where Identity Theft Recovery Coverage from ERIE can help.

Talk to your local ERIE agent to learn more about what’s included and how to add it to your homeowners insurance policy.

Learn how to spot common tricks used in email phishing attempts to get your personal information. /blog/coronavirus-scams Erie Insurance

ERIE® insurance products and services are provided by one or more of the following insurers: Erie Insurance Exchange, Erie Insurance Company, Erie Insurance Property & Casualty Company, Flagship City Insurance Company and Erie Family Life Insurance Company (home offices: Erie, Pennsylvania) or Erie Insurance Company of New York (home office: Rochester, New York).  The companies within the Erie Insurance Group are not licensed to operate in all states. Refer to the company licensure and states of operation information.

The insurance products and rates, if applicable, described in this blog are in effect as of March 2020 and may be changed at any time. 

Insurance products are subject to terms, conditions and exclusions not described in this blog. The policy contains the specific details of the coverages, terms, conditions and exclusions. 

The insurance products and services described in this blog are not offered in all states.  ERIE life insurance and annuity products are not available in New York.  ERIE Medicare supplement products are not available in the District of Columbia or New York.  ERIE long term care products are not available in the District of Columbia and New York. 

Eligibility will be determined at the time of application based upon applicable underwriting guidelines and rules in effect at that time.

Your ERIE agent can offer you practical guidance and answer questions you may have before you buy.