Microsoft explains how to protect yourself from rising coronavirus-themed phishing attacks

Laurent Giret

The ongoing coronavirus outbreak is leading to a rise in phishing attacks, Microsoft warns today, with many cybercriminals exploiting people’s fear to steal personal data. Criminal groups have various ways to attack vulnerable people, including malware, but Microsoft emphasised today that “91 percent of all cyberattacks start with email.”

Fortunately, Microsoft has built a robust defense system to block malicious emails with Outlook.com, Office 365, Microsoft Exchange, and Microsoft Defender all working in tandem. The company also uses machine learning, heuristics, and anomaly analyzers to detect malicious behaviours in your emails.

However, technology alone can never be 100% foolproof, and it’s important for consumers to install the latest security updates and use an anti-malware service, such as Microsoft’s free Defender antivirus. Microsoft also recommends using multi-factor authentication (MFA) on all of your accounts, and Microsoft’s excellent Authenticator app is here to help.

Although Microsoft has built solid automated tools to identify online threats, it’s still important for users to educate themselves: bad spelling and grammar, suspicious links and attachments should always raise your eyebrows, and if you’re suspicious about an email, you should never click on links or open any attachments, especially those with weird file extensions such as “pdf.exe” or “txt.hta”.

The Redmond giant also put the emphasis on the following suspicious signs, which should always trigger an alarm:

  • Threats. These types of emails cause a sense of panic or pressure to get you to respond quickly. For example, it may include a statement like “You must respond by end of day” or say that you might face financial penalties if you don’t respond.
  • Spoofing. Spoofing emails appear to be connected to legitimate websites or companies but take you to phony scam sites or display legitimate-looking pop-up windows.
  • Altered web addresses. A form of spoofing in which web addresses closely resemble the names of well-known companies but are slightly altered; for example, “www.micorsoft.com” or “www.mircosoft.com”.
  • Incorrect salutation of your name.
  • Mismatches. The link text and the URL are different from one another; or the sender’s name, signature, and URL are different.

If you encounter a suspicious email or website, Microsoft also recommends using the built-in tools in Outlook.com and the desktop Outlook app to report messages. If you’re using Microsoft Edge, you can also report suspicious sites by clicking the More (…) icon > Send feedback > Report Unsafe site.

“While bad actors are attempting to capitalize on the COVID-19 crisis, they are using the same tactics they always do. You should be especially vigilant now to take steps to protect yourself,” the company said today. You can learn more about Microsoft’s recommendations on the company’s Security blog.