As the coronavirus pandemic continues to ravage the world, everyone is feeling the pinch of community quarantines, lockdowns, and the existential threat of getting the virus. The US got hit particularly hard and is now leading the world in both COVID-19 infections and fatalities. To make matters worse, scammers and cybercriminals are not letting up on their attacks, targeting individuals and businesses alike with impunity.

Americans have already lost $13.4 million to COVID-19 scams, and nearly 7.5 million small businesses are under threat of permanent closure if the pandemic stretches on for several more months. If your business is struggling during this crisis, the last thing you need is to be a victim of coronavirus fraud.

Coronavirus Scams That Target Small Businesses.

Below are the top COVID-19 scams you need to be aware of and avoid at all costs.

Business Email CEO Scam

Coronavirus scammers use convincing business email purportedly from the CEO to target companies during the pandemic. The scam starts when an employee receives a spoofed email appearing to be from a high-ranking officer of the company, with instructions to transfer funds, wire money or send gift cards. Con artists are banking on the emergency and economic troubles caused by the pandemic to mask their attempts because it’s harder to verify anything now because of work-at-home arrangements.

Small Business Association Assistance Scam.

Scammers spoof emails and phone numbers to make them look like they’re calling from the Small Business Association. The scam targets struggling businesses with business grants so they can stay afloat during the pandemic. These criminals ask business owners to fill out an application form with banking details and a processing fee paid in advance. Legitimate government assistance will never ask for any fees upfront. If you receive a call or email supposedly from the SBA, do an email lookup and report the incident immediately.

Supply Chain Fraud

A lot of non-essential factories have shut down to avoid spreading COVID-19, and this has caused widespread supply chain problems for businesses. Scammers know this and have set up fake websites that look like popular online-retailers. Always remain vigilant and check the domain name and URL before entering your information. If you get a message from an unknown supplier, do an email lookup and scrutinize their website before calling them.

Social Media Government Check Scam

Another scammer favorite is using social media to launch their attacks on small businesses. The goal is to break into as many social media accounts or create fake accounts to spread their message that they got free government money by way of a grant or government checks.

IT Scams

The scam works much like the CEO scam, with the scammers pretending to be members of the IT staff and asking employees for their login credentials to conduct bogus remote maintenance or to download software loaded with malware. Like other scams, IT scams are social engineering attacks that collect tidbits of information from various sources, including social media.

Public Health Scams

Criminals pretend they’re from the World Health Organization (WHO), Centers for Disease Control (CDC), and other local health agencies, often sending text messages or phishing emails. These emails will most likely ask for your Social Security number, banking details, tax, IDs, and other personal information. These emails may contain documents infected with malware or links to a fake website. Never download files or click on any links from unsolicited emails, and instruct your staff to do the same.


Illegal robocalls are flooding work-from-home employees with attempts to exploit the coronavirus pandemic. These calls range from bogus test kits to Google My Business verification schemes. Google, legitimate financial institutions, and the government will never use robocalls or call you, for that matter. You need to call them if you want something – it’s the way things work. If you or any of your staff get a robocall regarding COVID-19 or Google, hang up immediately.

Even though everyone is hurting from the COVID-19 pandemic, it’s business as usual for scammers looking to take advantage of the crisis to make a quick buck. If you or your employees encounter anything suspicious like a phishing email or bogus pitch, contact the authorities immediately.

Ben Hartwig is a Web Operations Executive at InfoTracer who takes a wide view from the whole system. He authors guides on entire security posture, both physical and cyber. Enjoys sharing the best practices and does it the right way!

Covid-19 stock photo by CKA/Shutterstock