COVID-19 Credential Phishing Scams: Feeding Off Coronavirus Fears

Impersonating First Responders

Since the beginning of February, 17% of all COVID-19 Brand Display Name Imposter phishing attacks we have observed have impersonated either the World Health Organization (WHO) or the US Center for Disease Control and Prevention (CDC). The use of these organizations in phishing attacks is meant to add a sense of authority and credibility to a malicious email.

Credentials Harvesting Cuts Close to Home

This second phishing email from “Department of Health” claims to contain a link to a list of new COVID-19 cases in the target’s own city. But look closely, and you’ll see that instead of coming from a legitimate health organization, the email address is actually “,” a financial investment firm whose domain is likely being spoofed.

Impersonating HR in an ‘Official’ Company Announcement

Similar to the recent trend of phishing emails posing as e-faxes or electronic voicemails, this next attack masks itself as an important document about COVID-19 from the Human Resources department at the target recipient’s company.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Agari is the Trusted Email Identity Company™, protecting companies and people from phishing and socially-engineered email attacks.