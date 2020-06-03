Microsoft has reported a massive phishing campaign that uses an Excel attachment as bait.
The phishing email looks like it is from the Coronavirus Research Center of Johns Hopkins University — a well-known medical organization in the United States. The email includes an Excel attachment disguised as an updated list of coronavirus-related deaths, but the file actually contains a hidden piece of malware.
If you open the infected Excel file and click “Enable Content” when prompted, a program called NetSupport Manager will be automatically installed on to your computer. This program is a tool that allows someone to access your computer remotely.
Cybercriminals are using NetSupport Manager to gain complete control over a victim’s system; allowing them to steal sensitive data, install more malicious software, and even use the machine for criminal activities. Don’t be a victim!
Here are some ways to protect yourself from this scam:
• Think before you click! The bad guys know that you want to stay up-to-date on the latest COVID-19 data, so they use this as bait. They’re trying to trick you into impulsively clicking and downloading their malware.
• Never download an attachment from an email that you weren’t expecting. Remember, even if the sender appears to be a legitimate organization, the email address could be spoofed.
• Always go to the source. Any time you receive an email that claims to have updated COVID-19 data, use your browser to visit the official website instead of opening an attachment or clicking a link.
• Stop, Look, and Think. Don't be fooled.
