Cybercriminals have capitalized on the COVID-19 crisis to exponentially increase their fraudulent activities, according to U.S. government agencies and private internet security firms. Americans who are working from home during the pandemic are particularly vulnerable and should be vigilant about phishing emails containing links to coronavirus-related topics and solicitations for charitable contributions, among other things. Beware the opportunity for cybercrime, especially now.

Federal agencies including the Department of Justice, Department of Homeland Security, and the IRS have issued numerous alerts in the past month warning of an increase in cybercrime. On April 8, 2020, Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning with the United Kingdom’s National Cyber Security Center (NCSC) outlining a variety of fraudulent activities that have surfaced in connection with the COVID-19 pandemic.

Malicious cyberattackers – most from outside the U.S. – are exploiting the public’s fear and need for reliable information about COVID-19 as an opportunity to deliver malware and ransomware, and to steal user credentials.


Specifically, cybersecurity agencies are seeing a dramatic increase in email phishing schemes and ransomware attacks that play on victims’ fears and sympathy by masquerading as COVID-19 news about fake cures or solicitations for fraudulent charitable donations to support food banks or the unemployed. Moreover, many of the schemes lead victims to websites with terms like “coronavirus” and “covid” in the URLs, making them seem legitimate.

One of the newest phishing email scams targets Americans who are awaiting their federal stimulus payments, many of which will be deposited directly into taxpayers’ bank accounts. Scammers impersonating major financial institutions are asking victims to verify financial details before their stimulus funds can be deposited.

The email wording is convincing, and a link leads to a “financial institution” landing page that looks authentic. The email claims that the financial institution has placed the funds “on hold” until the user signs in and verifies account ownership. The URL appears to be that of the financial institution, but in fact the victim is on a scam website that is controlled by cybercriminals and is used to steal login credentials. Once a victim “signs in,” the attackers have their login credentials and access to their real bank account.

The wave of cybercrime related to COVID-19 was anticipated by the FBI and other law enforcement agencies based on spikes they have seen after natural disasters and other significant events. But the potential financial damage that can occur from exploiting fears around coronavirus has moved some law enforcement agencies to step in earlier than they normally would in some circumstances. David M. DeVillers, the U.S. Attorney for the Southern District of Ohio, recently announced that the threshold for initiating fraud cases is being ignored for coronavirus-related scams. Usually a minimum fraud cost in the tens of thousands of dollars is considered the benchmark for launching an investigation.


Besides the usual strategies of phishing emails, malware distribution, and spoofed websites, cybercriminals are specifically targeting people who are working from home.

With millions of Americans working from home during the COVID-19 crisis – and in many cases using personal computers – the security safeguards that usually exist on workplace computers are missing. Email phishing scammers know this and have intensified their efforts to break into company servers.

Many of the emails, which often appear to be sent by WHO or the Centers for Disease Control and Prevention, pretend to offer new information about the coronavirus. If they offer promising information about a vaccine and provide a link, they are phishing schemes, cybersecurity experts warn.

Scammers also are counting on victims being less diligent about suspicious emails and links than they would be if they were working in their professional offices. For instance, a malicious Android app purports to provide a real-time coronavirus outbreak tracker, playing on users’ fears that the virus may be intensifying in their state or city. The app tricks the user into providing administrative access and then installs “CovidLock” ransomware on their device. At that point, the user’s device is locked and a cash ransom may be demanded to get it unlocked.

Cybercriminals also are taking advantage of the massive new distributed workforce to exploit known vulnerabilities in VPNs and other remote working tools and software, such as Citrix, Zoom and Microsoft Teams.


In many cases, phishing emails are aimed at stealing user credentials. These emails refer to COVID-19 cures or vaccines in order to lure the user in, then lead to a spoofed website if the user clicks on a link. These websites often are designed to look authentic and appear to be trusted sites, but if you key in a password the cybercriminals now have a password that they can use to access you other accounts.


Some of the more well-known COVID-19-related scams that have surfaced in recent weeks include:

  • A text message promising free iPhones due to the coronavirus, asking users to click a link.
  • Malware spreads to Android phones via a text message that promises to share data about the COVID-19 spread but instead watches you through the smartphone camera and listens using the microphone.
  • Text messages promoting payday loans of $5,000, news alerts from a fake news site and a coronavirus-curing CBD oil.
  • Various promises of faith healing for COVID-19 sufferers, delivered by smartphone text, email, or websites.


Scam artists also have been calling taxpayers – particularly the elderly – and trying to get bank account numbers, posing as IRS representatives trying to disburse “recovery rebate” checks authorized by recent legislation.

Most of the recovery rebate payments that the federal government will pay taxpayers in coming weeks will be directly deposited into bank accounts if the IRS has routing numbers and account information already on file. For other taxpayers, paper checks will be sent.

The IRS reminds taxpayers that it will never call or email a taxpayer demanding payment of taxes owed or asking for bank account numbers so it can deposit a refund.


  • If you are working from home using your personal computer, make sure you have anti-virus security software installed. Consult your company’s IT department for recommendations.
  • If your employees are working from home using their personal computers, your company’s data could be at risk. Make sure all employees have anti-virus security software on their computers and that they have been trained in how to avoid phishing scams.
  • Think before you click. Slow down. If an email doesn’t look right, delete it. Do NOT click on anything in the email.
  • Examine the link. Before you click on a link, try hovering your mouse over it. This will reveal the full address, which can expose signs of fraud. Misspellings in URLs are another good tip-off to a fake website. Don’t assume that a website is legitimate just because its URL starts with “https.” Criminals use encryption, too.
  • Don’t open attachments from suspicious emails. They may contain malware.
  • Guard financial information. Delete emails asking for account numbers, credit card numbers or wire transfers.
  • Turn on auto updates. This goes for your computer, smartphone, and tablets. This will help stop malware.
  • Use security tools. Install an anti-virus program on your device and keep it up to date. But keep in mind that these tools aren’t foolproof. You still must use your head.

Try to stay educated on what cybercrime looks like, so it can be caught before hurting you or your business.


If you receive unsolicited emails, text messages, or social media attempts to gather information that appear to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), forward it to See our recent article, “Cybercrime: Business Email is a Common Gateway” for more tips on how to protect your organization from phishing emails.


CISA encourages individuals to remain vigilant and take the following precautions.

Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.

Use trusted sources such as legitimate, government websites for up-to-date, fact-based information about COVID-19.Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.

Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.

Review CISA Insights on Risk Management for COVID-19 for more information.


The IT consultants at Barnes Wendling CPAs can analyze your company’s IT environment, assess your security, and create a plan to mitigate risk and protect your business from cybersecurity attacks.

If you are concerned about COVID-19-related cybercrime impacting you or your business, please contact our advisors.

Related Insights

2023_IPA 300