Cybersecurity and awareness training specialists, KnowBe4, have revealed their discovery of a new breed of phishing trick being used by fraudsters taking advantage of panic caused by the current COVID-19 outbreak.
The malicious email warns recipients that they have come into contact with a friend, colleague, or family member who has been infected with the coronavirus. It instructs them to download an attachment, which is infected, and to proceed immediately to the hospital.
This particular social engineering scheme appears to come from a legitimate hospital, which is why it is so alarming and could trick even a cautious end user. The victim is instructed to fill out a pre-filled Excel form, which is actually a macro-laden Office document that serves as a trojan downloader and is currently detected by only a handful of anti-virus applications. This piece of malware has a number of advanced functions that allow it to evade detection by security applications, worm its way deep into an infected system, and serve as a platform for a variety of criminal activities.
“This is a new type of malware that we’re seeing, as it was reported for the first time just a few days ago,” said Eric Howes, principal lab researcher, KnowBe4.
“For the bad guys, this is a target-rich environment that preys on end users’ fears and heightened emotions during this pandemic. Employees need to be extra cautious when it comes to any emails related to COVID-19 and they need to be trained and educated to expect them, accurately identify them and handle them safely.”