As we continue to social distance and wear masks to protect ourselves from the coronavirus, some of us are still taking undue risk online. With cybercriminals capitalizing on pandemic anxiety, this has only heightened the need to be even more vigilant. Here's a rundown of how to protect yourself online.


When it comes to cybercrime, you’ll often hear the word “phishing,” which is an attempt to trick you into providing a password, data or even money. Most phishing attacks occur through email.

If you receive an email that’s either unsolicited or just seems suspicious, don’t ignore that instinct. Before opening the message, first consider the subject line and the topic. For instance, any communication you receive regarding health and virus information, working from home, personal security or taxes warrants extra caution. Also, consider the tone. Cybercriminals are preying on people’s heightened emotions surrounding the coronavirus. Is the language of the email touting a cure or telling you to “act now”? If so, this should raise red flags.

Next, take a moment to verify the sender’s email address. Are there any slight misspellings? Cybercriminals often impersonate a sender whose name you’re used to seeing in your inbox to encourage you to open the email.

Even if the sender’s address looks legitimate, look for any suspicious links or attachments. You want to ensure you’re not opening any links or documents that could contain malware, as doing so can give criminals access to sensitive information. It’s good practice to hover over the URL with your mouse to see where the link leads before clicking.

If nothing looks outright amiss but you still have any doubt, delete the suspicious email. You can always follow up with the sender in a separate message or by phone to confirm the email’s veracity and have them resend it. And remember that cybercriminals don’t just stop at emails — you should exercise the same caution if you receive an unsolicited text, phone call or social media message.


To safeguard your online accounts, a strong and varied password is key. You want to use a mix of upper- and lower-case letters, as well as numbers and symbols. Don’t use any names, dates or numbers that can be tied to your identity — you want to make it as difficult as possible for someone to guess it. Avoid using the same password for multiple accounts, and if possible, use two-factor authentication so that anytime someone signs into your account on an unrecognized computer, that person will need an additional code (usually sent to you via text). This is particularly important for your primary email. If a hacker can get into your email, they can often reset passwords for other accounts.

When logging into your accounts, make sure you’re using a personal or company internet connection, rather than public Wi-Fi to prevent criminals from gaining access more easily. If you receive a message confirming your account activity, review the notification as soon as possible to make sure it’s accurate. If it’s not, you should immediately report it, and be sure to do so using a phone number that you verify on your own — not by clicking a link in the suspicious email.


Hopefully it goes without saying that you should pay particular attention to your financial accounts. In addition to keeping tabs on your account activity, it’s a good idea to get in the habit of requesting a copy of your credit report each year. You are entitled to one report from each of the three credit reporting agencies every year, and you can request them at for free.

Another way criminals can attack your financial health is through identity theft, which occurs when someone wrongfully obtains your confidential information and uses it for financial gain. Fraudsters have been known to fill out false applications for financial or credit accounts, so work with your bank and credit companies to set up alerts to flag your account for any suspicious activity. You can also look into freezing your credit to prevent someone from creating a fake account in your name.

Recommended Reading