In light of the rapidly changing coronavirus (COVID-19) situation, Troutman Sanders and Pepper Hamilton have postponed the effective date of their previously announced merger until July 1, 2020. The new firm – Troutman Pepper – will feature 1,100+ attorneys across 23 U.S. offices. Read more.


Insight Center: Publications

Beware: Phishing Scams Prey on Coronavirus Fears

Client Alert

Authors: Sharon R. Klein, Alex C. Nisenbaum, Ronald I. Raether, Wynter L. Deagle and Karen H. Shin

Beware: Phishing Scams Prey on Coronavirus Fears

On March 11, the World Health Organization (WHO) declared COVID-19 (the novel coronavirus) a pandemic. On March 13, President Trump declared the outbreak of COVID-19 a national emergency. According to WHO, there are more than 179,000 confirmed cases of the coronavirus globally and more than 3,500 confirmed cases in the United States. As the coronavirus spreads around the world, hackers are leveraging the panic and confusion to make various cybersecurity attacks, including hacking into computer networks and sending phishing emails. Even the U.S. Department of Health and Human Services (HHS) suffered an attack on March 16, in which its servers were overloaded with millions of hits over several hours. Officials believe that the attack was linked to fake text messages that were sent, stating the unknown sender’s “military friends” heard in a briefing that President Trump would be ordering a two-week mandatory quarantine for the entire nation. A foreign state is suspected to be the source of the attack.

With most of the nation on lockdown and working remotely from home, phishing has also become a point of major concern. Phishing is a type of cyberattack used to trick individuals into divulging sensitive information via electronic communication by impersonating a trustworthy source. Cybersecurity firm Check Point Software Technologies Ltd. found that more than 4,000 coronavirus-related domains (domains containing words like “corona” or “covid”) have been registered since January 2020. Of those, 3 percent were considered malicious and another 5 percent were suspicious, meaning that a coronavirus-related domain is 50 percent more likely to be malicious than any other domain registered during the same time period. This is significant because many of these malicious domains are used in phishing campaigns. Another cybersecurity firm, Proofpoint Inc., found that the number of malicious emails mentioning the coronavirus has increased significantly since the end of January 2020 — so much so that Proofpoint had to begin posting the various phishing emails on its Threat Insight Twitter account to keep up with the sheer volume of the scams.

Hackers have sent phishing messages globally, posing as the U.S. Centers for Disease Control and Prevention (CDC), WHO, and health agencies from specific countries, purporting to offer information on the coronavirus disease. In January and February 2020, hackers posed as regional health care facilities and sent Japanese residents an email containing an attachment claiming to state where the virus was spreading in Japan. On February 18, hackers posing as a WHO employee sent companies in the transportation industry an email with instructions on how to monitor crews aboard ships for coronavirus symptoms and an attachment claiming to include further instructions. The email also included a WHO logo. On February 24, hackers posed as the CDC and sent an email to a South Korean electronic manufacturing company with the subject line “Re:nCoV: Coronavirus outbreak and safety measures in your city (Urgent)” and instructions to download an attachment to avoid potential hazards. In some instances, the phishing messages have been sent by hackers supported by U.S. adversaries, including Russia, China and North Korea.

To address these phishing messages, WHO has published a page on how to recognize and avoid phishing and on how to report a scam. The Federal Trade Commission has also published an article on what it is doing in light of various coronavirus scams, and how to prevent phishing attacks.

Key Points

In light of the increase in phishing attacks due to COVID-19, companies should follow and train employees to follow the tips provided by HHS’s Office for Civil Rights:

  • Be wary of unsolicited third-party messages seeking information. If you are suspicious of an unsolicited message, call the business or person that sent the message to verify that they sent it and that the request is legitimate.

  • Be wary of messages even from recognized sources. Messages from co‐workers or a supervisor as well as messages from close relatives or friends could be sent from hacked accounts used to send phishing messages.

  • Be cautious when responding to messages sent by third parties. Contact information listed in phishing messages, such as email addresses, websites and phone numbers, could redirect you to the malicious party that sent the phishing message. When verifying the contents of a message, use known good contact information or, for a business, the contact information provided on its website.

  • Be wary of clicking on links or downloading attachments from unsolicited messages. Phishing messages could include links directing people to malicious websites or attachments that execute malicious software when opened.

  • Be wary of even official-looking messages and links. Phishing messages may direct you to fake websites mimicking real websites using website names that appear to be official, but which may contain intentional typos to trick individuals. For example, a phishing attack may direct someone to a fake website that uses the number 1 instead of the letter ls (i.e., a11phishes vs. allphishes).

  • Use multifactor authentication. Multifactor authentication reduces the possibility that someone can hack into your account using only your password.

  • Keep anti‐malware software and system patches up to date. If you do fall for a phishing scam, anti‐malware software can help prevent infection by a virus or other malicious software. Also, ensuring patches are up to date reduces the possibility that malicious software could exploit known vulnerabilities of your computer’s or mobile device’s operating system and applications.

  • Back up your data. If malicious software, such as ransomware, does get installed on your computer, you want to make sure you have a current backup of your data. Malicious software that deletes your data or holds it for ransom may make the date irretrievable. Robust, frequent backups may be the only way to restore data in the event of a successful attack. Also, be sure to test backups by restoring data from time to time to ensure that the backup strategy you have in place is effective.

The material in this publication was created as of the date set forth above and is based on laws, court decisions, administrative rulings and congressional materials that existed at that time, and should not be construed as legal advice or legal opinions on specific facts. The information in this publication is not intended to create, and the transmission and receipt of it does not constitute, a lawyer-client relationship.

Data protection laws have changed, so we have revised our Privacy Policy.