Phishing scams are not new and are becoming more and more prevalent. Attackers often use phishing scams in conjunction with a subject of great interest, in this case, the government relief for the COVID-19 pandemic. Often times these scams include an urgent call to action or threats, so be suspicious of emails that claim you must click, call, or open an attachment immediately. Spelling and grammar errors are also common in phishing scams as are suspicious links and mismatched domain names. If an email claims to be from a reputable company but the email came from a separate domain, it is likely a scam. Federal agencies and financial institutions rarely send requests for sensitive personal information—if an individual receives such a request, it is always important to verify the source and contact the organization for clarification. For individuals who are victim of a phishing scam, it is important to change the passwords to any accounts or logins that may be affected. Additionally, users should ensure all accounts have multi-factor authentication enabled. Notify financial institutions immediately so they can monitor accounts for suspicious activity and report the incident to the appropriate law enforcement agency.

Sources: https://hotforsecurity.bitdefender.com/blog/phishing-campaign-uses-new-york-department-of-labor-logo-and-pandemic-aid-info-to-steal-private-information-24946.html?web_view=true