Guide to Phishing during Covid-19

How to protect yourself and your organisation from cyber attack

What is Phishing?

Phishing is a disguised email, that aims to hook the recipient into clicking a link or attachment that enables a cyber-attack to take place.

Why have Phishing attacks increased since Covid-19?

In late March 2020, the Telegraph reported that phishing “attacks have increased 667pc since the end of February”  There are two main reasons for this increase:

  1. Attackers like to masquerade as a trusted entity and a pandemic provides the perfect opportunity for impersonation.
  2. The move to remote working makes employees more vulnerable to cyber attack, from both a technical and behavioural perspective.

What are the known Covid-19 phishing scams?

On the 4th April. The Guardian reported that ” The number of coronavirus-themed phishing attempts stands at 2,192”, and although it would be impossible to cover even a proportion of these, it is worth highlighting some of the more ‘convincing’ phishing scams.


Cyber criminals are masquerading as HMRC via email and SMS.   An example of a phishing email is detailed below.  For further information, visit the dedicated HMRC page.

World Health Organisation (WHO)

WHO, the primary provider of Covid-19 information, has issued a stark warning “Beware of criminals pretending to be WHO”.  An example phishing email is detailed below, with detailed advice and guidance from WHO on their dedicated page.

Health advice

Emails purportedly from medical experts in China, claiming to help protect against Covid-19 have also been circulating:

Workplace policy

Cyber criminals are known to have been impersonating HR and IT departments, with emails such as the one below:

How can I protect myself and my organisation from phishing attacks?

With a 667% increase in phishing emails reported between February and March, then  we all need to be extra vigilant:

  1. Don’t click on links in emails from people that you don’t know.
  2. Avoid emails that insist that you act now.
  3. Watch for emails that include generic greetings.
  4. Don’t open emails purporting to contain important updates from your organisation, especially those that ask you to validate your credentials or install additional software to permit remote connectivity.
  5. Check the grammar, punctuation and spelling of the email – in many cases, these are clear signs of a phishing email.
  6. If you are at all in doubt, then the advice is to call the sender to verify the details.

If you would like to learn more about how to build your resilience to cyber threats during these uncertain times, then please contact us on or 07778 322230.

George Devane

Marketing Manager

Warner McCall Resilience