Don't Fall for the Latest Coronavirus Scam, Says Microsoft

Beware of Excel attachments that claim to be from John Hopkins

Phishing attempts like this one rely on tricking you into opening an attachment; make sure you aren't duped into it.

Example Excel Phishing document

Microsoft took to Twitter to warn users of a phishing exploit it's been seeing lately that can trick users into opening a fake attachment that contains malicious Excel macros.

How it works: The company said the COVID-19 themed campaign apparently started on May 12th and has used "several hundreds of unique attachments" to trick users into opening them. The emails seem to come from Johns Hopkins Center and could be titled "WHO COVID-19 SITUATION REPORT," which is a giveaway in itself. Most official emails won't yell at you in all caps.

The attachment, says Microsoft, opens with a security warning that many users ignore, thinking the graph of supposed U.S. COVID-19 cases is legitimate. The opened file runs the NetSupport Manager remote access tool and executes the malicious Excel 4.0 macro contained within.

What to do: It may seem obvious, but the only way you can avoid this type of attack is to not open any attachments like this. It's highly unlikely that Johns Hopkins is sending you a report from the World Health Organization, especially if you never signed up for such a thing. Be skeptical, and don't open things you're not sure of.

Via: ZDNet

Learn More About Scams