Tips to Manage COVID-19 Related Phishing Attacks

Tips to Manage the Threat of COVID-19 Related Phishing Attacks

Produced by Ann Davidson, Vice President of Risk Consulting | March 24, 2020

Criminals are leveraging fear over the COVID-19 (Coronavirus) to scam your financial institutions and consumers. By disguising themselves as a group or organization seeking financial support to help individuals or communities in need at this time. More and more of these phishing attacks are being reported, and it is important your staff and consumers know what to look for and what to do to protect themselves from giving out private information to these criminals.

These scams are being sent out through various communication channels - text messages, phone calls, and emails - and contain requests for personal or financial information, such as a card number, account number, and online banking information. The aim is to leverage this stolen information to fraudulently open a new account, either in branch or online, under your accountholder’s name.

Related News: "Coronavirus Widens the Money Mule Pool" Krebs on Security Article

With COVID-19, most organizations and individuals are facing interrupted environments and priorities at work and in our day-to-day lives, and criminals are taking full advantage. Help arm your employees and accountholders with tools and information to keep their guard up during this complicated time, so they don’t have the added stress of being hit with one of these malicious attacks.


Risk Prevention Education

To help employees and consumers thwart COVID-19 related phishing scams, offer education about what they should look for and do to protect against these crimes.

  • Advise employees and consumers to never respond to or open any COVID-19 related emails or email links requesting financial or private information, unless they know the individual or initiated the request.
  • Advise your employees and consumers to avoid opening unrecognized emails or email links of any kind, if it is from an unrecognized sender. Ask that they delete these kinds of suspicious emails and – if possible – report them to the FTC or and identified contact within your financial institution.
  • Advise that nobody should provide personal or financial information of any kind to an incoming requestor, even if the communication looks legitimate. Look up the requestor’s contact information, and reach out to validate the request.
  • In some cases, consumers are receiving calls pretending to be your financial institution. To prevent exposure, post an alert on your website and/or send a communication out to your accountholders stating that you will never reach out to them to request personal or financial information.
  • In some cases, scammers pose as an individual from the health community - i.e. an individual’s health care provider - requesting financial assistance to help address the COVID-19 crisis. Warn your consumers about these emails. Advise that they reach out to the organization directly to validate any type of request, even if it is from a health organization they partner with or recognize.
  • Keep an eye on the news for variations of this and other phishing crimes, to stay educated and share out relevant resource. Click here to check out WebARX's list of reported COVID-19 related cyber attacks.
  • Tell employees and consumers to be especially wary of direct requests from the CDC and WHO, as some phishing attacks are being disguised as emails from these organizations.
  • Share additional resources with education on warning signs and prevention tactics for phishing attacks, to help your employees and consumers avoid falling prey to these schemes.
    • Click here to view and share the FTC’s article on phishing scams.
    • Click here to download and share our checklist of scam prevention tactics for consumers.


Communicating to your employees and consumers about the increased risk of phishing attacks tied to COVID-19 can have a dramatic impact on reducing the risk of these crimes. Ongoing education and awareness is key to keep the fraudsters away from the credit unions and your credit union members.

Click here to register for our webinar: “It’s 2020: Don't Let Your Member Data Fall Into the Wrong Hands”

Click here to sign-up for our e-newsletters to be the first to receive educational content like this.

About Allied Solutions

Allied Solutions, LLC is one of the largest providers of insurance, lending, and marketing products to financial institutions in the US. Allied Solutions uses technology based products and services customized to meet the needs of 4,000 clients along with a portfolio of innovative products and services from a wide variety of providers. Allied Solutions maintains over 15 regional offices and service centers around the country and is a subsidiary of Securian Financial Group, Inc. Allied Solutions has tools and resources that can help you keep an eye on the potential areas of impact, protect against collateral losses, and stay on top of any new events, bulletins, and regulations as they happen.

Content in the blog posts are the opinion and views of the writer, and don't necessarily reflect the opinions or views of Allied Solutions.

Most Recent