Advertiser Disclosure
Advertiser Disclosure: The credit card and banking offers that appear on this site are from credit card companies and banks from which receives compensation. This compensation may impact how and where products appear on this site, including, for example, the order in which they appear on category pages. does not include all banks, credit card companies or all available credit card offers, although best efforts are made to include a comprehensive list of offers regardless of compensation. Advertiser partners include American Express, Chase, U.S. Bank, and Barclaycard, among others.

Coronavirus Scams – Real-World Examples & What to Watch Out For


Additional Resources

Sadly, the COVID-19 pandemic has given rise to grifts and deceptions that are all but certain to continue even as the pandemic subsides. COVID-19-related scams come in many forms, from identity theft schemes leveraging the promise of federal stimulus payments to snake oil remedies for a disease with no specific treatment or cure.

Some coronavirus scams encourage victims to part with their hard-earned money at a time when they can least afford to. Others prey upon our natural inclination to help others in need. Some truly sinister schemes aim to disrupt health care delivery during a period of unprecedented demand for hospital beds and lifesaving medical equipment.

All are actively harmful in one way or another. But you can learn how to spot the telltale signs of each COVID-19 scam and avoid falling victim.

Stimulus Check Scams (Economic Impact Payment Scams)

United States Treasury Stimulus Check Numbers Calculator

The early stages of the COVID-19 pandemic saw governments around the world shoveling money into suddenly declining economies in a collective bid to stave off a global depression. In the U.S., lawmakers and administration officials proposed various stimulus and financial aid measures to support affected industries, cash-strapped small businesses, and millions of suddenly unemployed workers.

Motley Fool Stock Advisor recommendations have an average return of 618%. For $79 (or just $1.52 per week), join more than 1 million members and don't miss their upcoming stock picks. 30 day money-back guarantee. Sign Up Now

One measure that immediately gained traction was a proposal to send direct cash payments to Americans, regardless of how the pandemic affected them. By late March 2020, concrete proposals had come to light.

A stimulus bill originating in the U.S. Senate proposed one-time cash payments up to $1,200 for low- to middle-income Americans, while a competing bill released by members of the House offered payments up to $1,500 per person to a broader group of recipients.

Though political wrangling delayed passage of a final measure, scammers didn’t wait to capitalize on the public’s hunger for fast cash in tough times. The negotiation and eventual passage of a second round of stimulus checks in December 2020 and a third round in March 2021 provided fresh opportunities for unscrupulous activity.

Common first, second, and third stimulus check scams include demanding upfront payment for expedited stimulus check delivery and requests for bank account or Social Security numbers to complete payment processing.

These schemes have been adapted to state unemployment benefit programs expanded during the coronavirus pandemic as well, preying upon newly unemployed folks not familiar with the unemployment claims process.

A Real-World Example

WCNC Charlotte reported on an email-based scam targeting people in North Carolina (and probably elsewhere) in mid-March 2020 before Congress officially approved economic stimulus payments.

With a subject line heralding the “COVID-19 PANDEMIC STIMULUS PACKAGE,” the message requests the recipient’s bank account and Social Security number.

Possible Variations

WCNC Charlotte’s report demonstrates a standard email phishing scam in action. Implausible as it sounds, well-crafted phishing emails work in a small but nontrivial number of cases, giving scammers who’ve spammed thousands or millions of victims ample personal information to sell or exploit.

The Federal Trade Commission (FTC) warns of two common stimulus check scam variants:

  1. Asking Victims for Upfront Payment in Exchange for Stimulus Checks or Stimulus Debit and Gift Cards. The federal government never asks people to pay out of pocket for cash assistance.
  2. Asking Victims to Take Steps to Expedite Stimulus Check or Debit Card Payments. This is impossible. In reality, the feds will likely send out payments on a staggered schedule based on some objective metric (in 2008, it was the last two digits of the recipient’s Social Security number). Individuals will not be able to change the payment order under any circumstances.

These variants don’t exclusively use email. Scammers deterred by email spam filters turn instead to text messages, robocalls, and even social media messages to perpetrate their fraud schemes and reach more victims.

How to Avoid Becoming a Victim

The best defense against stimulus check scams is extreme skepticism of any emails, calls, or text messages claiming to come from the federal government.

Other best practices include:

  • Never, ever responding to electronic requests for personal or sensitive information purporting to come from a government agency. Unless you’re explicitly notified otherwise, official communication from the IRS should arrive by postal mail.
  • Tightening the settings on your email suite’s spam filter to reduce the chances you ever see scam emails.
  • Screening calls from unknown numbers and immediately hanging up on unsolicited sales calls. Listen for a brief blip in the connection before the person on the other end begins speaking — that’s a telltale sign they’re using automated dialing.
  • Ignoring text messages from unknown numbers and social media messages from unknown accounts. Never click links in these messages.
  • Reporting attempted scams to the FTC’s consumer complaint database, your local FBI field office, or your state attorney general office.

Perhaps most importantly, understand that the first, second, and in many cases, third rounds of government stimulus checks have already been distributed. Anyone who tells you otherwise probably doesn’t have your best interests at heart.

Here’s what to do if you wonder where your stimulus payments are.

Pro tip: If the thought of your information falling into the wrong hands keeps you up at night, consider signing up for an identity theft service like Identity Guard. Identity Guard uses artificial intelligence to monitor and alert you about any potential threats to your identity.

Fake Charity Scams

Website You Can Help Donate

Fake charity scams crop up like clockwork after headline-grabbing events like earthquakes, hurricanes, and disease outbreaks. Even in good times, they’re among the most common scams targeting the elderly — though fake charity scammers happily prey on people of all ages.

COVID-19-related fake charity scams follow a familiar pattern: usually emails, social media posts, or robocall scams seeking donations to “charities” that don’t exist.

A Real-World Example

To date, no state or federal law enforcement authorities have announced criminal or civil charges against fake COVID-19 charities. However, the U.S. Department of Justice specifically warns that such scams are likely to become prevalent as the pandemic continues.

Possible Variations

A close cousin to the fake charity scam — one that’s taken on new urgency amid the panic buying and hoarding seen in many parts of the U.S. — is the fake vendor (or supplier) scam.

Fake vendors set up legitimate-looking websites and social media profiles claiming to sell sought-after provisions in short supply, such as surgical masks and disinfectant wipes. Like fake charities, they pocket whatever funds they receive and disappear.

Likewise, be wary of potentially fraudulent fundraising efforts by individuals and families. If you can’t personally confirm that a person or entity claiming COVID-19-related financial woes or medical issues on social media is speaking the truth, don’t donate.

How to Avoid Becoming a Victim

Before donating to a new nonprofit organization, verify its legitimacy using an open-source resource like Charity Navigator or CharityWatch. Don’t patronize organizations with high marketing or administrative costs, as they’re likely to be little more than slush funds for whoever controls them.

If you can’t find a nonprofit in either database, use the IRS’s tax-exempt organization search to verify the organization has even registered as a nonprofit. If the IRS has no record of its existence, steer clear.

More generally, patronize only those organizations you already know and trust. Many regional or national charities, such as the Seattle Foundation and the U.S. Chamber of Commerce Foundation, operate legitimate COVID-19 response funds or provide information about reputable funds operated by others.

Contact Tracing Scams

Contact tracing is a powerful tool for public health authorities tasked with slowing the spread of the virus responsible for COVID-19.

The process is labor-intensive, according to the CDC. A massive workforce must interview COVID-positive patients, develop a comprehensive network of their activities and contacts during the period in which they may have been infectious, and reach out to anyone with whom they interacted during that time

To be effective, contact tracing teams must repeat this process for as many patients as possible.

Unsurprisingly, it hasn’t taken long for scammers to take advantage of the new infrastructure. Since the FTC issued a general warning about contact tracing scams in May, reports of actual exploitation have blossomed.

A Real-World Example

The FTC’s warning includes an early example of an actual contact tracing scam. It’s an innocuous text message that reads, “Someone who came in contact with you tested positive or has shown symptoms of COVID-19 & recommends you self-isolate/get tested. More at [website].”

The linked website is not an authentic COVID-19 testing website, according to the FTC. Instead of providing accurate information about COVID-19 tests, it’s designed to upload malicious software onto victims’ computing devices, giving the scammers access to personal or financial information.

Possible Variations

Not all contact tracing scammers attack victims with malware. In some cases, scammers call or text victims and ask them to respond directly with personal information, such as their Social Security or bank account numbers.

Other contact tracing scams exploit workers desperate for a regular paycheck amid the pandemic’s economic fallout. These scams offer employment in contact tracing, according to the Miami Herald, but there’s usually a catch: You must divulge sensitive personal information or even pay outright for the opportunity.

How to Avoid Becoming a Victim

Fighting contact tracing scams is made more difficult by the fact that many legitimate contact tracers communicate by text message, often to let contacts know they’ll receive a call from a particular number (thus making it more likely they’ll pick up).

However, if you’d prefer to be safe, the FTC recommends setting your phone to block unwanted text messages or working with your wireless provider if your phone doesn’t have that capability.

More broadly, you should never click links in the body of text messages from unknown numbers or divulge personal information to unknown callers.

Although legitimate contact tracers might ask you to confirm details like your birthday, their framing of these questions will make it clear that they already know the answers.

And they won’t ever ask you for bank account numbers, Social Security numbers, credit card numbers, or payment; anyone who does is not on the up and up.

Coronavirus Treatment Scams & Misinformation

Covid 19 Vaccine Syringe Hospital

Multiple effective preventive vaccines against SARS-CoV-2, the specific coronavirus that causes COVID-19, are now widely available.

However, due to supply and distribution constraints, health authorities’ vaccination plans prioritize health care workers, other frontline and first response professionals, and groups especially vulnerable to serious COVID-19 disease due to age or underlying health conditions.

To ensure an orderly rollout, lower-risk individuals and those not on the front lines need to heed guidance from state and local health departments about when and where to get vaccinated.

The process of vaccinating every American who wants a shot is not expected to wrap up until well into the second half of 2021, and that’s if everything goes according to plan.

Unfortunately, this hasn’t stopped scammers and hucksters from taking advantage of Americans’ justifiable anxiety about COVID-19. These unscrupulous actors are:

  • Promoting snake oil vaccines, treatments, antibody cocktails, and preventive remedies that do nothing for patients (and, in some awful cases, actively harm those who try them)
  • Falsely claiming to have supplies of approved vaccines available to the general public (COVID-19 vaccine scams)
  • Collecting payment for spots on unauthorized COVID-19 vaccination waiting lists

A Real-World Example

According to The Oakland Press, the U.S. Department of Justice (DOJ) filed a civil complaint in March 2020 against a Texas-based website claiming to offer cheap COVID-19 vaccine kits from the World Health Organization (WHO).

But such kits didn’t exist at the time, and a federal judge quickly approved the DOJ’s request to block access to the website. Although the investigation continues, it appears that this particular scammer was simply pocketing victims’ funds.

Possible Variations

The possible variations on this theme are endless. Those specifically flagged by federal and state authorities include:

  • Fraudsters advertising opportunities to invest in COVID-19 treatments, vaccines, or preventive measures
  • Vendor claims that products not approved to treat or prevent COVID-19 can treat COVID-19 (Amazon had already seen countless claims of this nature by late February 2020, according to CNBC)

In early March 2020, the FTC sent warning letters to seven companies demanding that they cease claiming products they sold or promoted were effective COVID-19 remedies.

How to Avoid Becoming a Victim

Unfortunately, the best strategy to avoid this particular type of coronavirus scam is simply to wait for more information from your state or local health authorities about when and where to receive the COVID-19 vaccine — through official channels, not sketchy emails.

Vaccinations for older Americans, those with underlying health conditions that increase the risk of serious COVID-19 disease, and health care and frontline workers are expected to continue through the first and second quarters of 2021.

Assuming adequate supply, members of the general population can expect their turns to come during the summer and fall of 2021.

Impersonation Scams

Question Mark In Front Of A Mans Face

Impersonation is one of the oldest tricks in the scammers’ book. It’s only made easier by the Internet, which provides an impenetrable (for laypeople, at least) veneer of anonymity.

Impersonators have adjusted to the COVID-19 pandemic by inventing creative ways to convince victims they represent trusted authorities like the WHO, Centers for Disease Control, Food and Drug Administration (FDA), state health authorities, government benefits providers, and private insurers.

Their goal is simple: to extract money or personal information from victims, either voluntarily or through surreptitious malware.

A Real-World Example

The FTC’s coronavirus scams Part 2 notice provides a visual example of this scam: an email purporting to originate from the WHO containing what appears to be valuable information about COVID-19 symptoms and preventive measures.

At first glance, the email seems legitimate. The sender name shows as “World Health Organization,” the WHO’s official logo appears in the header, and the email is signed by a “doctor.”

The subterfuge falls apart upon closer inspection thanks in large part to its abrupt, error-riddled content. (“Symptoms common symptoms include fever,coughcshortness of breath and breathing difficulties.”)

But a busy recipient desperate for information about COVID-19 could conceivably miss these red flags and click the malicious “Safety measures” link and download the sender’s malware of choice.

Possible Variations

This real-world example uses an official-seeming email to deliver malware to unsuspecting recipients. Said malware is often ransomware, a program designed to lock users out of their devices unless they pay a monetary ransom to the attacker.

The FTC also warns of:

  • Impersonation emails or text messages that ask recipients to provide bank account information, Social Security numbers, and account IDs and passwords.
  • Emails that co-opt legitimate resources, such as the FDA, to spread malware or extract valuable information. The FTC cites a scam that displayed the actual Johns Hopkins University coronavirus infections dashboard in a malware-laden message.
  • Phishing emails impersonating someone the recipient knows and trusts. Such emails could purport to contain useful information about COVID-19 or ask the victim to wire funds to help someone fighting the disease.

How to Avoid Becoming a Victim

Skepticism is the best defense against email and text scams. When in doubt, don’t open the message, and definitely don’t click on any links.

Additional precautions include:

  • Installing antivirus or antimalware software and keeping it updated
  • Tightening spam filter controls to block more suspicious emails
  • Backing up data to a cloud account (such as Apple’s iCloud or Dropbox) or an external storage device to limit the adverse impact of ransomware
  • Keeping your devices’ (including your phone’s) operating systems up to date
  • Never responding to dubious emails or text messages
  • Securing sensitive accounts with multifactor authentication so no one can access them with a password alone

Health System Hacking Attacks

Hacker Hacking Keyboard Cyber Crime

Even if they don’t meet the technical definition of “scam,” hacking attacks on health care systems and government health agencies affect us all.

Every minute a hospital or human services website remains down interferes with the mission of health care professionals, administrators, and government employees sworn to protect the public.

Hacking attacks that result in actual data breaches cause direct financial harm to the public by facilitating identity theft — much of which occurs without victims’ direct knowledge.

A Real-World Example

In mid-March 2020, the U.S. Department of Health and Human Services suffered a distributed denial-of-service attack (DDoS) designed to slow or crash its systems, according to Bloomberg.

The attack came amid the federal government’s increasingly urgent response to the mushrooming outbreak and could have been far more disruptive had the hackers succeeded in taking HHS offline.

In late October 2020, hackers targeted several hospitals directly. The attacks prompted an urgent warning of “an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers” from the U.S. Cybersecurity and Infrastructure Security Agency.

In some cases, these attacks used an aggressive malware program called Trickbot to hold victims’ systems hostage until their owners paid a hefty financial ransom. These attacks could also result in data loss and disruption of health care delivery, according to the agency.

Possible Variations

The late October attack represented an escalation in threat activity against health care providers and infrastructure.

But less sophisticated attacks are widespread as well, according to an Electronic Frontier Foundation list of hacking and scamming attempts that hospital systems have already experienced during the COVID-19 pandemic:

  • Malware-laden emails purporting to contain important information from official authorities, such as the CDC
  • Malware-laden emails purporting to originate from medical suppliers with which the recipient is familiar and that (at first glance) appear to involve official business
  • Emails from trusted senders asking the recipient to click a link to log into a work account, such as an Outlook suite, giving the attacker a back door into their organization’s systems

It’s no accident these examples resemble common variations on the COVID-19 impersonation scam.

Because all organizations have employees who are susceptible to deception, the strategies hackers use to gain access to individuals’ computer systems and accounts very often work at scale.

How to Avoid Becoming a Victim

For frontline health care employees and those in supporting roles, such as health care IT, health insurance, and public administration, the Electronic Frontier Foundation offers guidance on spotting and avoiding hacking attempts:

  • Always check that an apparent known sender’s email matches perfectly with prior communications from that sender. Even a one-character discrepancy is a sign the message is not genuine.
  • Avoid clicking or tapping on suspicious links. If you can mouse over the link without clicking, inspect and compare it with similar links you know to be genuine.
  • Don’t download attachments from unfamiliar senders.
  • Use another medium (for instance, phone calls) to contact the sender and ask if the message is genuine.

Final Word

The COVID-19 pandemic is without precedent in living memory. But one aspect of the crisis is distressingly familiar to anyone who’s been paying attention to the news in recent years: an explosion in scamming and exploitation, turbocharged by the Internet.

And these are only the most common COVID-related scams and attacks.

This list doesn’t even encompass grifts that fail to rise to the level of a true scam, such as individuals and shady online retailers hawking questionable test kits or charging exorbitant prices for sought-after supplies like hand sanitizer and disinfectant wipes. No one should have to pay 10 times the going price for products that could prevent illness.

It would be wonderful if terrible circumstances didn’t so reliably bring out the worst in people. Sadly, that’s not the world we live in, and the COVID-19 pandemic’s eventual end will do nothing to change that.

Your best bet is to arm yourself with knowledge of how scammers operate and an abundance of caution.

Coronavirus Scams Ig


Sign up for a CIT Bank Money Market Account and earn 0.85% APY + receive a free year of Amazon Prime. No monthly service fees.

Stay financially healthy with our weekly newsletter

Brian Martucci writes about credit cards, banking, insurance, travel, and more. When he's not investigating time- and money-saving strategies for Money Crashers readers, you can find him exploring his favorite trails or sampling a new cuisine. Reach him on Twitter @Brian_Martucci.