Call us 7am - Midnight 0207 855 2055My.tsoHostshopping_basket0 Item(s): £0.00

keyboard_backspaceBack to the Blog

Lockdown cyber security: how to spot COVID-19 phishing scams

Lockdown cyber security: how to spot COVID-19 phishing scams

Posted 23rd April, 2020 by Sarah

8-minute read

Whether they’re standing on their doorsteps every Thursday clapping for the NHS or taking part in indoor sport fundraising initiatives such as BBC Breakfast’s The Big Bike In, the Covid-19 lockdown is bringing out the altruistic and community-minded side of people across the UK.

There’s one exception to the rule, though – and that’s cyber criminals.

While people like the 100-year-old war veteran Captain Tom Morgan walk the length of their gardens 100 times to raise money for the NHS, online bad actors are exploiting the Covid-19 crisis for their own gains.

According to Google, scammers are sending 18 million Covid-related phishing emails to Gmail users every day.

Further reports suggest that cyber criminals have already scammed £1.6 million out of both the UK public at large and businesses through Covid-19-linked phishing scams.

So, in this blog we’ll look at the sort of Covid-19 scams that are out there, top tips for spotting phishing scams in general, and how to up your security online.

5 Covid-19 phishing scams to look out for

According to organisations such as the National Fraud Intelligence Bureau (NFIB), a unit that’s overseen by the City of London Police, these are just a few of the phishing scams are currently in circulation…

Phishing emails asking for donations to the NHS

These scams are typically targeting elderly people and feature requests for donations to help with ‘medical preparations and supplies’ to help the NHS cope with coronavirus.

‘Track the virus’ technology scams

These sort of phishing attempts have been sent out via both email and text. They encourage people to download software/apps that can help track the spread of the virus. The download infects the computer or phone with ransomware and demands payment to restore the device.

Phishing emails advertising the sale of PPE

In addition to targeting individuals, these scams are often aimed at defrauding charities or businesses working on the front line of the fight against Corona. The scams involve fraudulent sellers taking payment for face masks, hand sanitiser or testing kits that never get sent to the customer.

Emails impersonating WHO or the UK Government

If you get an email claiming to be from one of these top-level organisations, a red flag should register in your mind immediately.

One phishing scam has been targeting the owners and employees of small businesses about the UK Government’s Coronavirus Job Retention Scheme. This email asks people to provide their bank account details so a ‘payment’ from the scheme can be deposited.

Phishing emails about bank account changes

These emails are often targeted at small business. They claim to be from one of the business’ suppliers and tell them that due to Covid-19-related high street bank closures, they have changed their accounts to be more online friendly. These emails request payments for longstanding products and services be sent to new accounts.

5 warning signs of a phishing campaign

The email address

The ‘from’ address of an email is usually a major giveaway as to whether the email is a phishing attempt or not. According to Info Security Magazine, the Coronavirus Job Retention Scheme email that claimed to be from the UK Government – mentioned above – actually came from this sending address ‘’.

Some phishers are a little bit more sophisticated and email addresses can look very similar to official ones. However, they will also contain little typos or inconsistencies – for example a phishing email pretending to be from tsoHost might come from an address like ‘’.

Emotive language or time pressure to act

To make victims skip over details they would usually notice, phishing emails often have a sense of urgency about them.

Look out for instructions such as ‘Alert From HMRC’ or ‘URGENT: From UKGOV'.

If an email makes you panic or pulls at your heart strings, it fits the criteria for a phishing scam and will require further investigation.

Suspicious links

Many phishing emails will ask you to click on a link. Before you click on any link in any email you should always hover over the link with your cursor before taking further action. If the link itself doesn’t match the one in the email, it’s likely to be part of a phishing scam.

Spelling or grammatical errors

Brands and official organisations have entire teams that write and edit the emails they send out, so typos are rare. Scammers don’t have that luxury so phishing emails are often laced with typos and grammatical errors.

Requests for password or account details

At tsoHost we will never ask for account or password details over email, and other reputable companies and brands won’t either. If an email overtly asks you to reveal any personal details, there’s a good chance it’s a phishing scam.

3 ways to effortlessly improve your online security

Brush up on the above warning signs and update everyone in your business

If you’re in a technical field, you might feel like telling the people in your team or your colleagues about the warning signs of phishing scams is like teaching your grandmother to suck eggs. However, it’s worth getting the ‘Are you serious?’ looks to double check everyone is up to date.

Ensure your email has inbuilt spam protection

The top personal and business email solutions come with spam protection built in. As mentioned above, Google claims to be blocking 100 million phishing emails a day from its Gmail accounts.

At tsoHost, all our cPanel hosting plans now come with Flockmail. This premium email solution has advanced inbuilt spam and virus protection. Find out more about it on our Flockmail page.

Invest in defence

The old saying goes that prevention is better than a cure, and it rings especially true in terms of cyber security.

There are a number of off-the-shelf products that will protect your website from viruses and malware should the unthinkable happen and either yourself or one of your team clicks on a link or downloads an attachment in a phishing email.

At tsoHost, we offer Sucuri Website Security. Available for as little as £4.99 a month, it scans your site daily for unwanted malware and, if it detects any, it’ll remove it, STET.


You may also like:

25 of the most popular words used in domain names in 2021
3 amazing sales campaigns and tips for your business
Web developer life: the things clients say
6 signs it’s time to switch hosting providers
Revealed: the most popular domains of 2021 so far
New: self-managed VPS hosting at tsoHost