It’s only two months since I wrote a column about April Fool’s Day tricks to play on your workmates or family or friends.
“Obviously do not try these things if the person you are pranking is on a deadline or is having a bad day already,” I wrote. Little did I know that come April 1, many people would be having bad days, or at least unusual days, compared to their pre-lockdown and pre-pandemic days.
In my defence, while Covid-19 was being covered in the media at the time of writing, it wasn’t a huge focus in New Zealand. The World Health Organization had not yet declared it a pandemic and we would not have our first case until a week after I hit the “Send” button.
While it did not take long for the world to change, it also did not take long for scammers to take advantage of the situation. By the time you read this we will hopefully be at Level 2 or better, but one thing is likely – the scammers will not let up.
Google summed it up well in April: “Hackers frequently look at crises as an opportunity.”
In a world that feels upside down, it might seem plausible that the Ministry of Health would email you asking for information, that your bank would email offering support, or that a charity would email asking for donations.
In late April, Google’s threat analysis group reported 18 million daily malware and phishing attempts related to Covid-19 in the previous two weeks – in addition to more than 240 million Covid-19-related spam messages.
Google says Covid-19 messaging is being used in cyberattacks, with a range of new scams such as phishing emails (emails appearing to be from a legitimate source asking you to provide things like usernames, passwords and banking details). Google has seen emails purporting to be from charities and NGOs battling Covid-19, emails pretending to be from work administrators to employees working from home and even emails spoofing healthcare providers.
“Our systems have also spotted malware-laden sites that pose as sign-in pages for popular social media accounts, health organizations, and even official coronavirus maps,” they said.
I wrote about how to spot a scam in April last year and the main advice I offered then still stands.


• Poor spelling and grammar.
• A disguised email address: mouse over the sender’s address in the email on a computer (or right click on it) or tap on it on a mobile device and you will see the underlying address. It may be obviously wrong (e.g. an email purporting to be from the IRD that is from or a more subtle take on the address that looks legitimate at first, e.g. instead of
• Rather than using your name in the greeting, the sender uses your email address or a generic greeting (e.g. “Dear Client”).


• Do not give them personal information – in fact, it is better to never reply at all. Replying confirms your address is active and you could end up with even more spam.
• Never click on links or open attachments unless you are certain the email is legitimate. Hovering your mouse over any link will reveal the full website address, but it is best to manually log in to the organisation or company’s site and see if they have tried to contact you. Sometimes scammers set up a fake website that has a URL that is similar to the legitimate one and which looks identical when you view the site.
• Use the “junk email” or “block sender” function of your email. If you’re not sure how to do that, try googling instructions for the device and email software you’re using. Failing that, at least delete the email.
• Google key phrases from the email and see if other people have reported the same email as a scam.
• If you’re working from home, use your company’s address for emails – don’t use your personal email address.
• Keep your security software up to date on your computer.