COVID-19-related phishing emails continue to evolve and multiply. Below, we discuss a few of the emails that are circulating recently, but there are certainly more. As always, exercise caution if you receive an email asking you to click a link or download an attachment.

  • COVID rapid test: Appears to be from an online company that sends and processes rapid tests that can be taken at home.
  • COVID-19 Vaccine: Usually poses as the US Department of Health and Human Services. This attempt is attachment-based. This email usually discusses vaccine trials and contains a malicious attachment that shows “vaccine trial locations.” Personal information is compromised and devices are infected by this email.
  • “Return to Work:” Appears to be from your company’s HR department. The email is attachment-based. The document that opens will often be on a SharePoint site, and it usually asks the user to “acknowledge the new remote work policy.” The main goal of this template is to steal email account credentials. The user is asked to enter their login credentials after clicking “acknowledge.”
  • Health Insurance Over Payment Refund: Appears to come from United Healthcare. The link in this email directs the user to a website that looks exactly like United Healthcare’s branding. This is another one that attempts to gather credentials and sensitive information.
  • WHO or COVID-19 Solidarity Response Fund: Usually looks like it is coming from PayPal. It asks for your banking information to send a donation.
  • Zoom Account Suspended: Can be an email or text telling the user that their Zoom account has been suspended and the user should click to reactivate.

If you believe that you received a phishing email to your work account, please report it using the PhishAlarm button. See instructions for using PhishAlarm.