Top COVID-19 scams to be wary of

The COVID-19 pandemic has brought huge changes to our lives – more time at home, more mask-wearing in public places, more hand-washing and sanitizing.

Unfortunately, cyber criminals are using the pandemic as an opportunity to scam Canadians out of their money and personal information. These scams can be convincing and terrifying.

But there are steps you can take to protect yourself. Being informed about the types of cyber scams that are out there, you can take steps to stay secure.

Phishing scams: Malicious emails, text messages and phone calls"dialogue boxes, cursors, eye notifications and coronaviruses"

Cyber criminals thrive on uncertainty, and COVID-19 provides an ideal environment for them. Our lives have been turned upside down, we are more worried about our health and we are seeking more information.

Cyber criminals prey on people’s anxieties and fears about COVID-19 to trick them into giving up information that they otherwise wouldn’t.

For example: A common cyber scam involves phishing. Cyber criminals send emails to victims, claiming to be from a hospital or government organization. These emails might claim to be a notification that you have been in contact with someone who tested positive for COVID-19, that your COVID-19 test results are ready, or that you’re eligible for government funding.

The goal could be any number of things: To get you to give up personal information or money, or download a virus-infected attachment.

You can minimize your chances of being a victim by being cautious.

If you receive a message asking for personal information or money that uses COVID-19 as a jumping off point, don’t respond.

Instead, try to find a way to verify the information independently. For example: If you receive an email claiming to be from a hospital, call the hospital to verify the information is legitimate.

Chances are, it’s not.


The Public Health Agency of Canada is a reliable source of information on COVID-19, as are provincial and territorial resources.  Visit and follow the following social media accounts for useful, accurate information on the current health situation:

Health Canada (@HealthyCdns / @CANenSante)


Dr. Theresa Tam, Chief Public Health Officer (@CPHO_Canada / @ACSP_Canada)
Health Canada (@GovCanHealth / @GouvCanSante)
Prime Minister Justin Trudeau (@CanadianPM / @PMcanadien)

Ransomware: Fake mobile applications

Another popular COVID-19 cyber scam involves mobile applications.

In this example, cyber criminals create a fake contact tracing mobile application that claims to alert users if they have been in contact with someone who has COVID-19.

The mobile application then hijacks the user’s phone and only gives their access back if they agree to pay a ransom – an example of what’s known as ransomware (a form of malware).

It just goes to show that not all cyber scams are carried out through direct requests for information or money. Some rely on common behaviours such as downloading an app, which is something many of us often do.

The best defence is to be vigilant. Remember that cyber criminals are skilled at disguising websites and mobile applications to make even ransomware look totally legitimate.

Spoofing: Fake “government” websites

Another popular COVID-19 themed cyber security scam involves websites that look like government websites in nearly every way – from design to what appears to be a legitimate URL.

Instead, though, these websites are clever re-creations by cyber criminals that are designed to trick users into giving up information they otherwise wouldn’t.

The goals of spoofing may be different – sometimes it’s to get users to download malware, other times it’s to encourage them to give up personal information or money – but the results are nearly the same: A victim is victimized by a clever-looking fake website.

Spoofing is difficult to spot, but there are telltale signs. For example: A URL may look like the legitimate one, but there are usually slight variations that show it’s a fake.

Also, cyber criminals put a lot of time into making spoofing sites look legitimate, but their designs and user layouts frequently look off in different ways. For example, a cyber criminal might create a website that looks like a trusted government institution by using similar colours, logos, and designs. Cyber criminals hope that you fall for their trick so that you enter (and give up) your personal information.

As with most cyber security risks, being on the lookout for telltale signs of phishing can help you stay secure.


The COVID-19 pandemic has introduced more uncertainty into our lives. That uncertainty allows cyber criminals to thrive in their efforts to trick you into giving up personal information, access to your accounts.

By following these steps, you can make it that much more likely you’ll stay cyber secure for as long as the pandemic lasts and well after it’s over.


Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: