Coronavirus: Cybercriminals target health workers with scams, phishing and misinformation

Rob Waugh

As the coronavirus pandemic continues, cybercriminals are unleashing computer viruses in an assault on health workers designed to steal and spread fake information. 

The US Health and Human Services (HHS) Department faced a cyber attack which circulated fake rumours of national quarantine, it was reported on Monday.

Cybercriminals are exploiting the coronavirus crisis to target healthcare workers (Getty)


Cyber experts have warned of a “steady stream” of phishing attacks where cybercriminals prey on people’s fears about coronavirus.

Latest coronavirus news, updates and advice

Live: Follow all the latest updates from the UK and around the world

Fact-checker: The number of Covid-19 cases in your local area

Explained: Symptoms, latest advice and how it compares to the flu

Attackers have targeted healthcare workers with phishing emails themed around coronavirus and pretending to offer information.

One recent scam targets healthcare staff with an invitation to an “all staff seminar” to discuss the virus, but which requires Microsoft Outlook credentials.

Read more: Youngest patient dies of coronavirus aged just 45

Staff who fall for the scam find that the link does not work, but sends passwords to hackers, Sky News reported.

Kiri Addison, head of data science at security firm Minecast, said: “There's so much uncertainty around coronavirus, they're just going to prey on people's fears.”

Read more: Restaurant offers free meals for frontline NHS staff

Paul Bischoff, privacy advocate at Comparitech, said: “Hackers and cybercriminals have been quick to take advantage of the coronavirus outbreak. 

“This happens any time there is a public health crisis or catastrophe in which people are desperate to find more information and contribute to those affected.”

Read more: British volunteers to be infected with coronavirus

For anyone, whether a health worker or a civilian, staying safe from such scams involves basic cybersecurity precautions, Bischoff said.

He added: “Basic security precautions should prevent you from falling victim to phishing. Never click on links or attachments in unsolicited emails.

“Cross-check the domain of the sender's email address and any links in the email against the official website domain found through Google.

“Phishing attacks are cheap, easy and difficult to trace. So even though most people won't fall for the scam, criminals only need to trick a few victims for the attack to be profitable.”