COVID-19 Phishing Mails: Scammers Try to Capitalize on Coronavirus Fear

Current coronavirus phishing scams aim to spread malware and steal personal data. Here’s how to protect yourself.

Covid-19/Coronavirus Phishing-Mails

Björn GreifEditor

Criminals are taking advantage of the uncertainty of many people caused by the coronavirus crisis to make money with fraudulent activities. There are numerous coronavirus phishing mails in circulation that are designed to spread malware and steal personal data.

Many of these scam mails claim to come from health authorities and to contain important information about the new coronavirus as an attachment. In fact, however, they only contain malware that becomes active when the user opens the attachment. Once active, the malware steals sensitive data such as passwords and credit card information. Examples of coronavirus phishing scams can be found on the website of the Electronic Frontier Foundation (EFF) or at

With this phishing mail, which claims to come from the WHO, scammers want to steal credentials (Source: Mimecast).
With this phishing mail, which claims to come from the WHO, scammers want to steal credentials (Source: Mimecast).

We explain how to identify such phishing mails, how to protect yourself and what to do if you’ve fallen victim to a phishing scam.

The Essentials in Brief:

  • Use a default browser with built-in phishing protection (Cliqz is up to four times more efficient than Google Safe Browsing)
  • Don’t open emails that appear suspicious and delete them right away
  • Never click on links or attachments if you don’t know or trust the sender
  • Be especially careful with emails that ask for credit card data, PINs or TANs
  • Use up-to-date security software
  • Always keep your operating system and apps up to date

How to Identify Phishing Mails

The best protection against fraud attempts is vigilance and a healthy level of scepticism. Check regularly to see if you know the sender of a message and if it is really the same (check for correct spelling!). You should also ask yourself whether the subject and message text make sense and whether you expect the sender to attach an item such as an invoice.

If an email seems strange to you, you should not open it, but delete it without reading it. If in doubt, you can also call your bank or the respective company to find out whether the message actually came from them.

Be especially careful with emails that ask for sensitive data such as credit card numbers, PINs or transaction numbers (TANs). Trustworthy companies would never request such information in this way. Another warning signal is an urgent request to follow a link or open an attached form.

Use a Default Browser With Phishing Protection

How vulnerable you are to such scams depends largely on the default browser you choose: When you click on a link in a scam mail, it will always open in the browser you set as your default. Therefore, your default browser is critical!

The Cliqz Browser’s built-in phishing protection detects up to four times more phishing attempts than Google Safe Browsing and works considerably faster, uncovering phishing sites within an hour. When you open a potentially dangerous website, the Cliqz Browser displays a warning. Additionally, Cliqz for iOS 3.4.0 and higher shows only the most important parts of a web address in the URL bar. This makes it easier to identify fraudulent sites.

Make Cliqz your default browser to benefit from its highly efficient phishing protection and additional privacy and security features!

What to Do If You’ve Fallen Victim to a Phishing Scam

Unfortunately, there is no such thing as 100% protection against phishing and malware, which is why you should always be cautious. It’s generally recommended to use a security software and always keep it up to date, such as your operating system, browser and other applications.

If you have become the victim of a phishing attack despite all precautions, you should report the fraud as soon as possible to the provider whose name has been misused. You should also make sure that the scammers cannot use the stolen data to cause any further damage: For example, change all your passwords, block your TAN list and bank accounts if necessary, and check your online accounts (banking, shopping) regularly for unusual transactions.

Be especially careful these days if you receive emails about coronavirus or COVID-19. For trustworthy news about the current situation as well as emergency numbers, links to official info pages, FAQs, and statistics, check out the Cliqz Search Engine (beta) at