Exploiting the Pandemic: A new Excel-based Phishing Attack
Microsoft has reported a large-scale phishing campaign that uses an Excel attachment as bait. The email is intended to look like it came from the Coronavirus Research Center of John Hopkins University. The email includes an Excel attachment disguised as statistics of Coronavirus-related deaths — but the file actually contains a hidden piece of malware.
If you open the infected Excel file and click “Enable Content” when prompted, a program called NetSupport Manager will be automatically installed on to your computer. This program is a tool that allows someone to access your computer remotely.
Here are some ways to protect yourself from this scam:
- Think before you click! The idea is to exploit your thirst for up-to-date pandemic data, so they use this as bait.
- Never download an attachment that you weren't expecting.
- Always go to the source. Any time you receive an email that claims to have updated COVID-19 data, use your browser to visit the official website instead of opening an attachment or clicking a link.