Phishing emails and scams


Part of looking after ourselves as we try to keep up with our work during these testing times is making sure our use of the internet is safe.

There is already evidence of online criminals taking advantage of the COVID-19 crisis. They prey on our need for information and guidance, and on our insecurity and need for urgency and action. They may contact you by telephone, text message and email to try to trick you into reacting. When you do, they intend to steal your passwords or your banking logins, or to compromise your computer and steal the data it contains.

The criminal threat will only increase through the current difficulty.

To help you, the Data Protection Officer and IT Department plan to keep you up to date with information about the latest malicious cyber attacks you might be exposed to.

There are many types of attack, but they all follow a handful of themes. You will find more information about some of these below.

The basic rules for checking your messages still apply and will protect you from the majority of these attacks:

  • Be a healthy sceptic
  • When you receive an email, stop and think, "is this a scam?"
  • Don't just open an email. Check the sender first and look at the message title. Satisfy yourself that a message is genuine (you can check the sender email address by hovering your mouse over it).
  • Never click on a link in an email. Instead, you should go online and navigate to the website yourself (for your bank, email, office system, Church, whatever service is involved).
  • Never call the telephone number quoted in an email. Refer to old bills or documents for a reliable source and dial the number yourself.
  • Never follow anything which insists you take urgent action
  • Install two-factor authentication on all your important accounts to protect them
  • If your service provider offers a password reset security option, make sure you enable it (if a criminal gets into your email or online service account, this is the first thing they will enable to keep you out, so it makes sense for you to use it to keep them out)
  • If an email, telephone call or text message is urging you to complete a financial transaction, stop. Don't do it! Check for yourself. If the message claims to be from someone you know, call them using the telephone number you know to be correct and verify.

Updates will be published on this page.

Type 1


Health Service messages - These are emails claiming to be from an NHS Trust, GP practice or a related agency with the words, "COVID-19 CONTACT" in the headline.


The email content is short, along the lines of:

"You recently came into contact with a patient who is now receiving treatment at NHS Lothian. Please print the attached form, which has your details prefilled, and proceed to the nearest emergency clinic."


The attached form is an Excel spreadsheet which is loaded with macros. It doesn't contain any other information. These macros are triggered as soon as the Excel file is opened and contain what is called a "trojan downloader". This can silently load malicious software to your computer without your antivirus software knowing about it, which will compromise your computer and the data it holds.


Do not open the email. Do not click on any links. Do not open any attachments. Delete the message.
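For whoever administers the mail system, the Type 1 pattern described above (the "COVID-19 CONTACT" headline plus an Excel attachment carrying macros) can be checked before a message reaches an inbox. The following is an added example, not part of the original guidance; the sample messages, addresses and file names are constructed, and treating every legacy OLE2 file as macro-capable is a simplifying assumption.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .xls/.doc container header

def macro_capable(data: bytes) -> bool:
    """True if the file is a legacy Office file or an OOXML file with a VBA project."""
    if data.startswith(OLE2_MAGIC):
        return True  # assumption: legacy binary formats are treated as suspect outright
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        # Macro-enabled OOXML files store their VBA code in vbaProject.bin
        return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())

def triage(raw: bytes) -> list[str]:
    """Return reasons to quarantine a raw message; an empty list means no match."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if "covid-19 contact" in str(msg["subject"] or "").lower():
        reasons.append("subject contains 'COVID-19 CONTACT'")
    for part in msg.iter_attachments():
        if macro_capable(part.get_payload(decode=True) or b""):
            reasons.append(f"macro-capable attachment: {part.get_filename()}")
    return reasons

def build_sample(with_macro: bool) -> bytes:
    """Constructed test message; the workbook is a stub ZIP, not a real spreadsheet."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            z.writestr("xl/vbaProject.bin", b"placeholder")
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "user@example.org"
    msg["Subject"] = "COVID-19 CONTACT" if with_macro else "Rota for Sunday"
    msg.set_content("Please print the attached form.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream",
                       filename="form.xlsm" if with_macro else "rota.xlsx")
    return msg.as_bytes()

if __name__ == "__main__":
    for flag in (True, False):
        print(triage(build_sample(flag)))
```

The check inspects file content rather than the file name, so a macro-enabled workbook renamed to `.xlsx` is still flagged.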

Type 2


Offers to help with applications for Government Financial Support packages. The word, "URGENT" often appears in the headline.


The emails contain words designed to attract your attention, either by focusing on your need for money or by creating a sense of urgency. They contain links to false websites which are designed to steal your user credentials or bank details. If you click on the link in the email you will be taken to a website which will look extremely plausible. It will look almost exactly like an Office365 login screen or a Bank access page.


Your user credentials for Office 365 may be stolen and your account used to spread scam emails, or further compromised to infect the rest of your user or contacts network. Your banking login details may be compromised.


Do not open the email. Check the sender email address by hovering over the sender name. Recognise that neither the government nor your bank is likely to send you an email referring to urgency in any way. If you are unsure, get someone else to check the email but DO NOT SEND IT TO THEM. In the current situation, it will be difficult to share the message, which is what the criminals are relying upon.

If you are looking for support with government financial assistance, contact Stewardship & Finance via the trusted links available on the Church of Scotland website. Avoid clicking links sent to you by email.

If you think you have already fallen victim to such a message, contact CoS IT department if you are a Church of Scotland email account holder, or your email service provider for other types of email account. If you clicked on a link for a page which looked like your bank, contact your bank straight away to take protective action.

Type 3


You receive an email or a text message claiming to be from a courier company with a parcel for you to either collect, or to arrange delivery. These messages are using the current social distancing as an excuse for arranged delivery.


The message is very short. It will use the name of a known delivery company (DHL, UPS, Hermes, etc.) and contain text explaining that a parcel has arrived for you, and they will only hold it for 3 days before returning it to the sender, so it is important you click on a link now to arrange for delivery (pressing you with urgency and fear of loss).


Links in these messages will direct you to pages designed to steal your user credentials. Links in SMS text messages may compromise your mobile phone or cause charges to your phone bill.


Do not open the message. Delete the message.