Wash your hand regularly, don't touch your face - and be careful which emails you open? That last piece of advice might not be on your list of ways to protect yourself during the Coronavirus pandemic, but it should be. That's because experts say that scammers are taking advantage of high levels of uncertainty and fear to defraud people through COVID-19-themed phishing attacks.

So, just what is a phishing attack? Typically, it's when a fraudster makes a phone call or sends text messages or emails that look like they're coming from a government entity or company you trust to try to get you to click on a link, send them money or give them sensitive information like usernames, passwords, SIN numbers and credit card information.

While these types of attacks happened before the COVID-19 crisis, they have ramped up in recent days and become harder to spot.

Here's what you need to know to stay safe:

COVID-19 phishing scams 101

Stay safe online.
Don't feed the phish.

Traditionally, phishing phone calls, emails and texts prey on people's fears. For example, a popular scam involves receiving an email or text pretending to be from your bank informing you that your account has been breached and asking you to log in to secure your account or change your password. You panic, click the link in the email or text message, put your password and username in and accidentally give scammers access to your online accounts. The goal of these types of messages is to scare you so that you'll act impulsively and click an unknown link.

There are also COVID-19 phishing scams that are preying on people's concern about the virus. Some are asking readers to open attachments or click on links to get new information about the virus or it's spread. Others are imitating government, healthcare, medical research organizations or charities. Some even tout miracle cures, herbal remedies, vaccinations or hard to find items like cleaning products, hand sanitizer, and face masks.

How to spot a phishing email

We know that COVID-19 fraudsters are trying to get you to click on links, open attachments or reply with personal information. So, if you get an email asking you to do any of these things, don't automatically trust it.

Check the spelling: Read through the email to make sure that the spelling is accurate. Most companies and government agencies have editorial teams who carefully write all emails, so spelling mistakes are a tip off that the email you're reading might be fraudulent.

Are they pressuring you? Is the email putting pressure on you to click a link or open an attachment? Does the email say that it's urgent that you do this right away? That's a red flag. They're trying to get you to act out of fear rather than taking the time to examine whether the email is legitimate or not.

Stay clear of unknown senders: Another tip off is if you don't recognize who the email is coming from. Check the ‘From’ field in the email to make sure who the sender is. In phishing attacks, this ‘From’ address will often be disguised (or spoofed). Never open attachments or click on hyperlinks in emails sent by unknown senders, regardless of whether they are business or personal emails.

How to protect yourself

If you get an email that seems suspicious, make sure that you follow all the steps above. Only open links that you can guarantee came from a trusted sender. Have you followed all the steps above and you're still not sure if it's a trusted sender? Don't forward it on to friends or family members for their advice since they could also be scammed. Instead, report the email as a phishing scam to your email service provider.

If you get an email asking you to log into an account, you don't have to click the link in the email. You're better off using a web browser to go to the company's website and logging into your account there. That will ensure that you are on the company's webpage and not a site spoofed to look like it.

You can also protect yourself by installing anti-spam, anti-spyware, and anti-virus software on your computer. If you accidentally click on a link, these programs will help get rid of the virus when you run a scan.

While phishing attacks primarily come through emails, you should be aware that some also come via text messages. For that reason, it's a good rule to never click links in text messages from people you don't know.

If you get attacked

Even the most vigilant sometimes fall for phishing attacks. If you click on a suspicious link, install anti-virus, anti-spam, and anti-spyware software immediately or run a scan on your computer with the protective software you already have.

If you gave someone your credit card or account information via email or after clicking a suspicious link let your bank know and change your password immediately. Monitor your cards and accounts for fraudulent activity and report anything you find.

It's unfortunate that there are people are exploiting the COVID-19 crisis to take advantage of others, but by being careful and prepared you'll be able to stop them in their tracks and keep your information and accounts secure.

To report fraud or suspicious activity on your Scotiabank account, please call us immediately at 1-866-625-0561.

If you’re not a Scotia customer and want to report fraud or cyber crime, please call your local anti-fraud centre. Canadian citizens may contact the Canadian Anti-Fraud Centre (CAFC) at 1-888-495-8501, or visit the CAFC reporting page for more information.

Visit our Security Centre to report fraud or any suspicious activity, and to learn more about how to protect yourself.