Protect yourself from cyberattacks involving the coronavirus

Protect yourself against COVID-19 online too.

The public's growing concern for the coronavirus is being exploited by cybercriminals, who are carrying out e-scams to get private information from users. 

The types of cyberattacks that are being carried out to engage in these crimes are mainly:

  • Phishing: emails in which they impersonate an official organization and attempt to redirect the user, via a link, to a fake website where they can enter their personal and/or banking details. They may also contain an attachment infected with malware.
  • Smishing: the modus operandi is the same, but the channels used are SMS and instant messaging tools such as WhatsApp.

Be careful and stay alert if you receive any of the following fraudulent emails or messages related to the coronavirus that are making the online rounds these days:

  1. WhatsApp message pretending to be from the Ministry of Health with some recommendations for dealing with the new disease. The text features the headline 'CORONAVIRUS ALERT. Urgent message from the Ministry of Health' and contains a link that redirects users to a fake website selling masks.
  2. Email in which they impersonate the company's internal department and invite the recipient to download a PDF, infected with malware, with the protocol that the company has activated for communicable diseases.
  3. Email from the World Health Organization (WHO) that includes a button to download safety measures (written in English, Security measures). The email is signed by one Dr. Stella Chungong.
  4. Email from sender CDC-Covid19@cdc.gov at the Centers for Disease Control (CDC), informing of the spread of the coronavirus and requesting donations via bitcoin. The email, written in English, is signed by the Division of eHealth Marketing. There is another email pretending to be from the CDC that has a malicious attachment that allegedly contains the latest statistics on the affected victims.
  5. Several online maps have also been detected showing the number of people in each country infected by the coronavirus. The websites and applications that host them contain spyware and malware and have been designed to infect users' devices.

The following security recommendations will help you identify this type of cyberattack and properly protect your sensitive information and devices:

  • First, no official agency requests personal data via email, SMS or WhatsApp, so don't provide your details through any of these channels.
  • Verify the sender of the emails and any links they include and be wary if they contain strange letters and characters. You always have to check the website address a link wants to take you to before clicking on it. 
  • Don't download any attachment on COVID-19 without first making sure that it's from a legitimate source.As the authorities have stated, you won't get the cure for the coronavirus through the mail.
  • Don't download unofficial applications to find out the global scope of the coronavirus.
  • Avoid spreading content that has not been verified, since it can be part of a malicious disinformation campaign.
  • BBVA recommends using online channels and supports calls to #StayHome and #Letsstopthisvirustogether. Go to bbva.es or to the BBVA app and take advantage of the features of our Online Banking to do all your queries and transactions from the safety of your own home.