× Freshbooks App Logo
Official App
Free - Google Play
Get it
13 Min. Read

How To Protect Yourself From COVID-19 Scams

According to the FTC, 1 in 10 adults in the United States will fall prey to a scam each year. From imposter scams alone, people in the US reportedly lost over $667 million USD.

In this time of economic uncertainty, there’s plenty of reason to be hyper-vigilant of scams. As of right now, there is no clear sign when the pandemic will end, leaving many people in a state of financial instability. If you let your guard down, you can fall prey to a new breed of opportunists taking advantage of people’s vulnerability. 

In fact, reports of COVID-specific scams are already coming in, from peddlers of miracle cures to fraudsters posing as officials from WHO and the CDC. The proponents of these scams are banking on the panic surrounding the virus to exploit people for money. 

To help you avoid falling prey to COVID-19 cons, here’s a comprehensive guide to the most popular scams today, along with tips on how to protect yourself from scams and what to do should you fall for one.

How To Spot A COVID-19 Scam

The best way to avoid a scam is to know how to spot one. Here are four tell-tale signs you might have fallen for a scam.

Generic Email Greetings

Phishing emails usually open with a generic salutation like “Dear Sir/Madame” or “To our valued customer”. This is because phishing scammers send out their traps en masse to lure as many victims as possible. Sometimes, scammers avoid using greetings altogether and jump straight to the point.

Urgent Language And Fear Tactics

Scammers don’t beat around the bush. They want to get the job done as quickly as possible so they can cut all ties with you once the scam is over. Hence, they poke and prod their victims any which way just to get things over with. If the person or company you’re talking to forces you into a rushed decision, you should be wary about trusting them with your money.

Another thing scammers like to employ is fear tactics. With coronavirus-related scams, fraudsters scare recipients into thinking that if they don’t act fast, they’re putting themselves in a dangerous situation. Hence email subject lines like “WARNING: New Coronavirus Cases In Your Area” and “EMERGENCY! COVID-19 Outbreak Alert Near You.” 

Strange Links And Email Addresses

As mentioned above, scammers will try their best to mimic official emails and websites, but they can only come so close. Inspect all the URLs and email addresses found in the email closely and look for spelling errors and inconsistencies in the Top-Level Domain or TLD (that’s the .com, .gov, .int part). If the “company” is passing itself off as a US-based company, hover over the links provided to check if the TLD ends in a foreign country like ‘.ru’ (that’s Russia). 

Poor Spelling And Sentence Construction

Legitimate companies take the time and effort to write grammatically correct and spell-checked emails. Even foreign-based companies will hire translators to ensure all their materials are free of errors. Meanwhile, hackers generally don’t care about making a good impression – they just want to make money fast – so they’ll often fire off emails that are rife with errors. 

Too Good To Be True

As with any scam (online or offline), a deal that seems too good to be true will often be exactly that. While it can be tempting to score a killer deal in the midst of a recession, it’s best to protect yourself from any more financial troubles by background checking the seller.

How To Protect Yourself From COVID-19 Scams

Knowing how to spot a scam isn’t enough to protect yourself from one – especially now that scams are becoming increasingly sophisticated. As the saying goes, prevention is better than cure. Here are five ways you can protect yourself from a scam.

Never Share Your Personal And Banking Details

This one is obvious, but it bears repeating – never share your personal details with a site or person you don’t know or trust. More importantly, keep your credit card and banking details to yourself. Most people who fall prey to credit card fraud willingly give up the information themselves. 

Always Use Two-Factor Authentication

Two-Factor Authentication, also called two-step verification or 2FA, adds a layer of security to the user verification process. Instead of simply asking for your username and password, 2FA may request for fingerprint or facial recognition, or ask you to enter a code sent to your mobile number. This extra layer of security makes it harder for fraudsters to hack into your account. 

Avoid Clicking Links And Downloading Files From Unfamiliar Sources

Before clicking on any links, hover over them with your cursor to see the full URL. If the sender is trying to pass the link off as coming from an official website, such as WHO and the CDC’s, check to make sure the URL matches down to the last letter.

Meanwhile, avoid opening any attachments sent via email. As mentioned, most government and bank representatives won’t email you an attachment, especially if the purpose is to verify your information. Attachments from scammers may contain viruses such as malware, spyware, and ransomware.

Never Wire Money

Never agree to wire money via services like Western Union or MoneyGram. With money wiring services, there is no way to retrieve your money or even contest instances of fraud once the transfer has been made.

Instead, use reliable and secure payment services such as your credit card, PayPal, or Google Wallet. According to the FTC, it’s best to avoid using reloadable cards such as MoneyPak or Reloadit, as well as gift cards like iTunes or Google Play. 

What If You Fell for a COVID-19 Scam?

If you’ve fallen victim to an online scam, here are three ways to protect yourself from further harm.

Immediately Change All Your Credentials And Passwords

Changing your login information doesn’t just apply to your email – change your credentials everywhere. This is especially important if you use the same username and password throughout all your accounts. Make sure that you use a different password for each account and avoid using obvious personal details scammers can easily find online. This means avoiding birthdays, anniversaries, locations, pet names, parents’ names, and the like.

Call Your Bank

If you’ve given your credit card details and other personal banking information to a suspected fraudster, call your bank immediately to cancel your card. You can also request to review your most recent transactions to make sure that scammers haven’t made any unauthorized purchases. If there are deductions you didn’t make, talk to your bank about their policies on disputing fraudulent transactions.

Report Scams

It may seem like an extreme measure, but the best thing you can do after getting scammed is to file a police report. Next, submit a complaint to the FTC. These steps won’t just help you get the justice you deserve – they’ll also help prevent other people from the scam.

Looking for resources to help you manage your business during COVID-19?

Check out the FreshBooks COVID-19 Resource Hub.


The COVID-19 pandemic has cast a heavy cloud of uncertainty over everyone’s head. As businesses are forced to either shut down or operate on a work-from-home situation, it leaves much of the workforce in a state of financial limbo. Unfortunately, in times like these, opportunists like scammers prey on people’s vulnerability. 

The best way to protect yourself at a time like this? Keep yourself up to date on the latest tactics.

Five COVID-19 Scams That Are Popular Right Now

Note: This is a running list of COVID-related scams that will be updated weekly. 

1. Fake Miracle Cures

The COVID-19 virus is one of the deadliest and fastest-spreading viruses in recent history. As the world scrambles to come up with a cure or a vaccine, some scammers are taking advantage of the situation to peddle fake miracle cures in the form of herbal supplements, aromatherapy, creams, teas, and even toothpaste. 

The FTC and FDA released a statement last week in which they named seven companies selling such products. Included in the list is Jim Bakker, a convicted fraudster who is peddling a “Silver Solution” that he claims can remove the virus from the immune systems of elderly patients. It should be noted that the elderly are more susceptible to acquiring the virus – they’re also statistically more prone to believing scammers. 

Aside from “holistic” treatments, there has also been a rise in ads for COVID vaccines and home testing kits. While the aforementioned holistic treatments may exist (but are ultimately useless against the virus), these supposed vaccines and testing kits may be virtually non-existent and are instead part of money wire schemes. Under these types of scams, victims are usually tricked into wiring money via Western Union or MoneyGram, only to receive nothing in return.

How Can You Tell It’s Fake?

As of this writing, there is no FDA-approved alternative medicine proven to protect or fight against COVID-19. There is also no FDA-approved vaccination or home testing kit for the virus. Any vaccination or cure will be announced first by the WHO or the CDC and coursed through reputable channels such as hospitals and the government.

2. The Virus Map

In a text scam directed at Android users, fraudsters are sending people download links to a “map” where they can track the COVID-19 virus’ movement across the globe. Once the app is downloaded, a kind of spyware is also downloaded onto the user’s phone, which then allows scammers to spy on them through their phones’ cameras and microphones. Text messages are reportedly being monitored with this spyware too.

According to Forbes, this malware works on all Android phones using the Gingerbread 2.3.2 OS and up, and is spread through links shared via SMS.

There is another similar scam offering the coronavirus map, but instead of downloading spyware onto your phone, it does something even more insidious. It downloads a ransomware virus that locks your phone, holding it “hostage” until you pay up. 

How Can You Tell It’s Fake?

The reason the spyware and ransomware scams have become so effective is because there is actually an existing virtual map that tracks COVID-19 deaths and cases around the world. This is the John Hopkins University coronavirus tracker, which can be accessed through this website. If you receive a link that directs you elsewhere, err on the side of caution and don’t open it.

Malware-containing links usually come from unsolicited SMS, so avoid responding to or opening any messages from unknown numbers and email addresses. 

3. Free Financial Assistance

As the pandemic forces everyone to practice social distancing and self-isolation, millions of workers have lost their jobs, and hundreds of businesses have shut down. According to the Washington Post, over 10 million Americans applied for unemployment benefits in March 2020 alone. 

In light of this, fraudsters are targeting the most vulnerable by sending out malware and phishing links under the guise of free financial assistance. 

According to Forbes, the “Zeus Sphinx malspam” campaign targets bank accounts from the United States, Canada, and Australia. Fraudsters posing as government and banking officials email citizens about a relief package approved by the government. They then request users to fill out a form that either steals private information or unleashes malware onto the user’s device. 

In a similar scam that has made news in the UK, fraudsters send a text message about a “goodwill payment” supposedly released by Her Majesty’s Revenue and Customers. The recipients of the texts are directed to verify credit card information in order to “receive the money”. Once you send your credit card information, the fraudsters can siphon money from your account. 

How Can You Tell It’s Fake?

Forbes advises users to be wary about unsolicited messages from government agencies and banks that contain attachments. “It’s far more likely that such an email — if legitimate — would direct you to visit your account login page,” writes Lee Matthews in the Forbes report. 

4. Emails From the CDC and WHO

Bloomberg reported that scammers are also sending emails while posing as members of the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO) – two major health organizations that have been at the forefront of the pandemic response. 

A report by Cofense Phishing Defense Center states that some scammers will use the names of the CDC and WHO to “report” new cases in users’ immediate vicinities – striking fear and panic in recipients. The email will then lure recipients into clicking on a phishing link by disguising it as a “Read More” option so they can get the specifics on the supposed cases in their area.

Experts believe that hackers could also be using this style of scam to send Trojan viruses to retrieve consumer data from big companies. 

How Can You Tell It’s Fake?

It can be hard to tell the difference between real and fake emails designed for phishing. These days, fraudsters are smart enough to use official logos and branding of the companies they’re trying to mimic, official-sounding email addresses, and even recipients’ names and phone numbers. 

However, it should be noted that the CDC and WHO only send emails to people who have subscribed to their e-newsletters. Additionally, recipients of such emails are also advised to check the email address of the sender. Emails from WHO representatives will always end in “.int”. Any emails sent from addresses like “user@who[.]com” and “user@who.org” should not be trusted.

5. Fake Medical Supplies Shop

In a time when medical supplies are scarce, it can be easy to fall for fake shops promising medical supplies you won’t find elsewhere. Scammers advertise surgical masks, gloves, and other personal protective equipment on social media shops and websites, only to disappear without a trace the moment buyers send over their money.

How Can You Tell It’s Fake?

The biggest sign that an online shop is fake – the payment method. Reputable shopping sites should be able to offer payments through credit cards, PayPal, and other similar payment schemes. Be wary of sites that request for bank transfer and wire transfer services like Western Union or MoneyGram.

If you’re still willing to give a site the benefit of the doubt, make sure to check the comments and reviews on the site. If the website or social media page doesn’t have a comments section (this is another red flag), try scouring Facebook or Twitter for what people have to say about the shop.


Save Time Billing and Get Paid 2x Faster With FreshBooks

Try FreshBooks Free Contact Sales

Want More Helpful Articles About Running a Business?

Get more great content in your Inbox.

By subscribing, you agree to receive communications from FreshBooks and acknowledge and agree to FreshBook’s Privacy Policy. You can unsubscribe at any time by contacting us at help@freshbooks.com.