Cybersecurity attacks can come disguised as coronavirus COVID-19 information. Most of the attacks are delivered through “phishing” emails using the “from” address or email sender to pose as a legitimate government agency. Here are steps you can take when you receive an email about the coronavirus.

Emails from outside parties related to coronavirus

  • Be cautious of links within emails.
    • Check that any links within the email are legitimate by opening a web browser and going directly to the website, as opposed to clicking on the link.
  • Be cautious of attachments within emails. Attackers use attachments to spread malware.
    • Unless you are confident that an email is from a legitimate source, exercise extreme caution before opening the attachment.
  • Be cautious of emails that appear generic and include only a small number of words. Attackers will try to get you to respond so that they can follow up with a more targeted phishing email.
  • Be cautious of emails that ask you to make unsolicited financial transactions.

‘Coronavirus map’ websites and mobile apps

Hackers are designing websites related to coronavirus to prompt you to download an application to keep you updated on the situation. This application suggests it can show you a map of how COVID-19 is spreading. These websites will install malware on your computer or mobile device that is then used to steal passwords and other sensitive information.  Use extra caution when using the internet to obtain COVID-19 related information.

These two authentic sites provide maps with legitimate information: Johns Hopkins Coronavirus Resource Center and Center for Systems Science and Engineering.

Message from the Federal Trade Commission on coronavirus scams

As the coronavirus takes a growing toll on people’s pocketbooks, the U.S. government will soon be sending money by check or direct deposit to each of us. These are really important things to know:

  • The government will not ask you to pay anything up front to get this money. No fees. No charges. Nothing.
  • The government will not call to ask for your Social Security number, bank account, or credit card number. Anyone who does is a scammer.

If you spot one of these scams, please tell the Federal Trade Commission:

  • Do not open attachments or click links within emails from senders you don’t recognize.
  • Do not provide your username, password, date of birth, Social Security number, financial data, or other personal information in response to an email or robocall.
  • Always verify the web address of legitimate websites and manually type them into your browser.
  • Check for misspellings or wrong domains within a link (for example, an address that should end in a “.gov” ends in .com” instead).

If you believe you are the victim of an internet scam or cybercrime, or if you want to report suspicious activity, visit the FBI’s Internet Crime Complaint Center at