By BECKY RUTHERFORD
Los Alamos
First off, PSA – buying up all the toilet paper and Lysol at Smith’s will not stop coronavirus. (Hey, does anyone have some Scott tissue? Hit me up!)
That said, wash your hands often; and if you get an email about coronavirus cures, face masks, outbreak information, etc., delete that sucker.
As previously reported, numerous coronavirus phishing emails have been circulating in the wild. Any time you have a worldwide event like coronavirus, you can expect the bad guys to make phishing emails attempting to exploit your fear.
Many coronavirus phishing campaigns promise to give you secret cure information, access to health supplies, information on outbreaks near you, safety measures, etc. They may attempt to imitate the WHO (World Health Organization) or CDC (Centers for Disease Control). Delete these from your inbox, don’t open them, don’t click links, or open attachments.
Signs that these are phishing emails:
- If you hover over the link, you will find that you are being taken to a completely different website than the one displayed. The website might say “https://www.who.int/health-topics/coronavirus.” but it is actually taking you to “https://who-int.pleaseofclicks/thislinkizbad.com”
- Bad guys can say an email is from whoever they want, but if you look at the email address you will notice it is off. For example, the real WHO email domain is “who.int” but you may get a phishing email from a spoofed domain like “whoe-int.com.” They try to make these look just similar enough to trick you into thinking the email is legit.
- The body of the email may have poor grammar or typos.
- The email content seems too good to be true or comes across as very urgent and time-sensitive.
Here is an example coronavirus-themed phishing email, fresh from my inbox:

The above email has some obvious errors, like “GET YOUR DESCOUNT CODE”, and also who has heard of this “Oxybreath Pro” company? Another clue, legit healthcare companies probably will not use an emoji in the subject line. When I hovered over the links they were shortened using bit.ly URL shortener (an online tool that lets you enter any URL and then shortens it for you) and when I ran that through a URL un-shortener the actual URL they are sending you to is “4-fridaywin. co. uk” (I put the spaces in as this is a malicious URL and I don’t want anyone to accidentally click). Always, always be cautious of any URL that starts in bit.ly, this has been shortened and you have no way to know where it will take you. .
Here are a few other examples:


Thank you to Alexander Chamandy of Envescent Cloud and Cybersecurity for these examples of other coronavirus-themed phishing emails making the rounds. These are both very well done phishing emails, and they take advantage of the fear and uncertainty surrounding the epidemic to try to get a user to download malicious files. Be suspicious! Don’t fall for the phish and infect yourself with malware.
Get your updates on coronavirus from legitimate news and official organization websites, not from your email inbox. The only thing you will get out of these is a malware infection. These scams are now so prevalent that Proofpoint, an email security firm, has assigned an analyst just to track coronavirus threats.
Scammers have been registering coronavirus-themed domains right and left, and these domains are 50 percent more likely to spread malicious activity than others. Random coronavirus themed websites may be malicious, only use legit resources like cdc.gov, and who.int, not “coronaavirusescured.info” or any other suspicious sites. Here are a few legit sites where you can safely get information:
- https://medlineplus.gov/coronavirusinfections.html
- https://www.fda.gov/emergency-preparedness-and-response/mcm-issues/coronavirus-disease-2019-covid-19
- https://www.cdc.gov/coronavirus/2019-ncov/summary.html
- https://www.who.int/health-topics/coronavirus
Were you planning on attending a conference? You might start to see emails soon telling you that the conference was canceled due to coronavirus fears. These may be legit, but if I were a “bad guy” I’d view this as another opportunity to craft coronavirus-themed phishing emails. As a precaution, you may want to avoid clicking on any links appearing to be from conferences or other organizations; navigate directly to their website to verify the communication is real.
Think these emails aren’t a big deal? Victims in the United Kingdom have lost more than 800,000 pounds ($1 million) to coronavirus-linked email scams since last month. Many of these involved scams over face masks; one victim paid 15,000 pounds for face masks that never came. We can only expect to see more of these scams as the virus spreads.
Other things to watch out for include price gouging. Just a few weeks ago, we could get hand sanitizer, toilet paper, and other items that are now sold out pretty much everywhere. No worries though, you can buy a gallon of Purell on Amazon for just $100. Third-party sellers like Amazon have been under fire for price gouging on these and other hot items (paper towels! Wipes! TP!). The company has been working on removing the price gouging items and has stated they are against this practice.
Facebook, Twitter, Instagram, etc. are trying to weed out the coronavirus misinformation, but there’s still a lot of it. If you see any juicy, wild conspiracy theories, or misleading advice, don’t share it; report it so that it can be deleted. Facebook just announced that they would provide “educational pop-ups with credible information” when users search for information related to the virus on Facebook. Google also is partnering with WHO to pin “news, safety tips, information, and resources from the WHO website” at the top of its search page when users search for coronavirus-related information.
There’s enough to worry about with the coronavirus, be aware, and avoid falling for any of these coronavirus-themed scams. If something feels off, it probably is!
Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.

































