Advice Center Blog

blog home Blog Home » Security & Fraud Protection » COVID-19 ‘Stay at Home’ Orders Bring Outbreak of Phishing Scams

COVID-19 ‘Stay at Home’ Orders Bring Outbreak of Phishing Scams


SUMMARY: With more people working from home due to the coronavirus pandemic, scammers are working harder than ever to steal your identity and your money. Learn how to stay safe from COVID-19 phishing.

New research shows that coronavirus-related phishing attacks have increased by 667% since the end of February. Members should be on high alert for potential scams.

As people spend more and more time on their devices whether working from home or distance learning – or a combination of both – scammers are spending more time on their devices, too. The new circumstances created by coronavirus stay-at-home measures provide scam artists with new, high-value opportunities to launch phishing attacks against consumers and businesses alike. With so much confusion and uncertainty surrounding our new normal, the focus on COVID-19 rather than COVID scams, results in more and more people falling victim.

What is phishing?

In a phishing attack, scammers send out emails that appear to be from an individual or an organization you trust. They could impersonate a government agency or a financial institution – even TDECU. The scam artists carefully craft their phishing message to make it look like it’s the real thing – with a logo and convincing language.

The emails are designed to lure you into clicking on a website link in the email. Sometimes the web page is a form that you’re then asked to complete, providing sensitive information like a Social Security number or an account number. Other times, the phishing email links initiate the download of malware that steals your login credentials or that hijacks your computer until you pay a ransom.

In order to prompt you into immediate action, the messages often use language that is urgent in tone. For example, they may claim your account will be closed in 24 hours, or that you will miss out on a cash payment unless you act now. The purpose of this is two-fold: to prompt you into immediate action and to distract you from clues that the sender might not be who they say they are. Messages can also sound threatening, such as claiming that your economic impact payment will not be sent unless you follow their instructions, for example.

What are the types of coronavirus phishing attacks?

In the current circumstances surrounding the coronavirus pandemic, the trend in phishing attacks is preying on your fears and emotions. Whether related to health, jobs, finances, community well-being or safety – they work to turn those fears into opportunity.

The two most common types of phishing attacks are COVID scams and brand impersonation.

COVID scams vary widely, but with the rise of coronavirus, more and more scammers are turning to fake offers of goods and services related to the pandemic. Anti-viral medications, masks, sanitation supplies and more are all on offer. With these items in short supply, many people are jumping at the chance to buy. But after the “sellers” take your payment information, the buyers find that they receive nothing – or counterfeits – in return. Afterward, the scammers are in possession of your financial account number or even personally identifiable information they can use to steal your identity.

Other COVID scams take advantage of the wish to do good during this time. Phony charitable organizations request donations that never go to the intended cause. Some COVID scam emails claim to be working on a coronavirus cure while others pretend to be providing assistance for frontline workers. NOTE: In the instance you wish to support a cause during this time, we recommend visiting the websites of trusted charitable organizations to see how they might be working for the good of your community.

In brand impersonation attacks, there is a rise in impersonation of financial institutions and government agencies working closely with the pandemic and relief efforts – such as the Centers for Disease Control and Prevention (CDC) and the IRS. Emails claiming to be from the CDC and the World Health Organization have already been reported to deliver malware. People working from home are also targeted with messages claiming to be from their employers – and college students are seeing similar messages that appear to be from their universities. Other phishing attempts appear to be from government agencies responsible for distributing economic impact payment checks. The emails claim you need to provide private information in order to receive your money.

What recipients of these kinds of emails need to remember is that the government, like TDECU and other financial institutions, doesn’t need your personal information. They already have it.

At TDECU, we’re seeing this type of impersonation firsthand. We recently discovered fraudulent social media content posted in our name trying to lure our Members into providing personal information to apply for an Assistance Loan. Other Members reported receiving an email from TDECU asking them to reset their password. If you did not request a password reset this is a scam. Also, please know that if we need to reach out to you for any reason, we will never ask for personally identifiable information, like your Member Number or PIN.

What to watch for?

Now that you know about the problem phishing attacks pose to all of us, let’s talk about the specific clues to look for when you receive an email solicitation:

  • Suspicious Sender – When you receive an email, you likely look in the “from” field of your mail app to see who sent the message. The problem is that this sender information is easily faked. To verify the real sender information, dig into the email’s properties. How to do this depends on what you use to read email, but it may be as simple as clicking on the sender name.
  • Mismatched URLs – The email will feature a link for you to click – supposedly to buy coronavirus treatments or supplies or to provide information for securing your relief payment, as examples – but before you click, hover your mouse over the link. The URL that pops up should match the name of the company that sent you the message. If not, it’s probably fraudulent.
  • Lack of Security – When you visit us at, the full address you’ll see in your web browser is “” See that “s” in “https”? It’s there to indicate that our site is secure. If you visit a site that begins with “http://,” that means the site is not secure – and you should not provide any personal or account information.
  • Poor Writing – Not everyone is a grammar guru – and we all make mistakes. But coronavirus phishing scam artists make more than their fair share. When you receive an email that is full of typos or is unprofessional in tone, be suspicious.
  • Urgency – Cybercriminals want to prod you into immediate action so that you don’t have time to think through details or notice something unusual, using words like “urgent,” “immediate” or “action required.” Not all instances of this indicate phishing or fraud because sometimes financial institutions and government agencies do need to reach you. However, you should always verify these urgent-sounding messages by contacting the sender at a phone number or web address you can find independently.

What to do about phishing?

Though no one is immune to coronavirus phishing attempts, there are ways to stay safe if you are targeted. Here are our top tips to follow when you receive an email solicitation

  • Never provide your personal or account information in response to an unsolicited phone, email or text request. If it’s an offer that interests you, find another way to take advantage and do your research first.
  • Never click on the link provided in a suspicious email or popup or follow its instructions unless you can verify the identity of the sender and of the website.
  • Contact the financial institution directly using a phone number or web address you can verify from another source if you need to follow up about the offer or to report your suspicions.
  • Forward the suspicious email to the Federal Trade Commission at and then delete it without clicking on any of its links. If you've received a suspicious TDECU email, text or phone call or have visited a suspicious website, immediately send the information to
  • Review your financial account statements or Digital Banking transactions regularly to ensure all charges are correct – and if something appears to be suspicious, contact the financial institution immediately.

What to do if you’re a coronavirus phishing victim?

If you’ve fallen victim to COVID scam artists attacking in these unprecedented times, there are steps you should take immediately, though exactly what you need to do can depend on the type of attack you’ve received.

  • Malware – If you download malware, disconnect from the internet and enter safe mode (see your operating system help guides for instructions on how to do this). Throughout your next steps, avoid logging into any accounts. Check your computer’s “Resource Monitor” for Macs or “Activity Monitor” for Windows PCs to quit or exit out of the malware that may appear on the list of applications. Then you can remove the malware by running a scan from a trusted source. Lastly, check your browser settings to verify the default homepage is correct and clear your browser’s cache.
  • Credential Theft – As soon as you realize your account login information, like your user name and password, have been stolen, it’s time to begin the tedious process of changing your credentials for every online account. Contact the organization associated with the account to notify them of the problem, too. Make sure you use strong passwords that are not easily guessed and use a unique password for every online account. If remembering unique passwords is too difficult (and of course it is!), then you may want to consider using a password manager. A password manager is a software tool that stores unique and very strong passwords for all your accounts for you so that all you have to do is remember one for that password manager software.
  • Identity Theft – If something like a financial account number or your Social Security number are stolen, immediately alert your financial institutions and close affected accounts. You’ll also want to place fraud alerts on your credit files with the three credit reporting agencies: Equifax, Experian and Transunion.  If possible, file a report with the local police.

For more ways to recover from a phishing attack, visit the FTC’s online identity theft resource at

Protect yourself!

You can further protect yourself against coronavirus phishing attacks by taking a few extra preemptive steps – good practices for anyone who uses a connected device and email.

  • Use a spam filter and virus protection software.
  • Keep your PC’s or device’s security software up to date and active.
  • Use multi-factor authentication, which requires at least two login credentials for accounts.
  • Back up your data.
  • Use strong, unique passwords for every online account and don’t share them with anyone.

Where to get the real facts?

When you’re looking for the latest information about the coronavirus pandemic and its effect on your community, your best bet is to go directly to reliable sources like government agencies and healthcare organizations.

Where to get financial information?

To stay up to date on federal economic relief programs, you can find information on the Internal Revenue Service website. They offer a link to a resource section devoted to coronavirus tax relief and a page devoted to economic impact payments.

There are other government relief programs available at This includes information on the Coronavirus Aid, Relief, and Economic Security (CARES) Act, unemployment help, and home loan resources.

Check with TDECU directly at for any information related to our financial relief solutions for Members due to COVID-19. The Solution Center also includes information on small business relief efforts and mortgage loan relief efforts.

Where to get health information?

For health information related to the novel coronavirus, you can start by visiting your healthcare provider’s or insurer’s website.

The Centers for Disease Control and Prevention (CDC) website has all the current details about the coronavirus, including how it spreads, symptoms, case numbers and more.

The World Health Organization (WHO) website offers further insight into the virus and content about myths related to COVID-19.

The National Institutes of Health website offers up-to-date information about the coronavirus as well and coordinates information from multiple organizations.

It’s a shame that during this time scammers are exploiting people during this difficult time – but we will get through this together. By taking a few extra precautions, you can stay safe online, too. For more resources, visit TDECU’s security and fraud center.