Skip to main content
FDIC-insured. Backed by the full faith and credit of the U.S. Government.

SCAM OF THE WEEK: Exploiting the Coronavirus: Massive Excel Phishing Attack


Posted on Friday, June 5, 2020 in Privacy & Security

Microsoft has reported a massive phishing campaign that uses an Excel attachment as bait. The phishing email looks like it is from the Coronavirus Research Center of John Hopkins University - a well known medical organization in the US. The email includes an Excel attachment that is Scam photo  with padlockdisguised as an updated list of Coronavirus-related deaths, but the file actually contains a hidden piece of malware.

If you open the infected Excel file and click "Enable Content" when prompted, a program called NetSupport Manager will be automatically installed on your computer. This program is a tool that allows someone to access your computer remotely. Cybercriminals are using NetSupport Manager to gain complete control over a victim's system; allowing them to steal sensitive data, install malicious software, and even use the machine for criminal activities. Don't be a victim!

Here are some ways to protect yourself from this scam:

  • Think before you click! The bad guys know that you want to stay up-to-date on the latest COVID-19 data so they use this as bait. They're trying to trick you into impulsively clicking and downloading their malware.
  • Never download an attachment from an email that you weren't expecting. Remember, even if the sender appears to be a legitimate organization, the email address could be spoofed.
  • Always go to the source. Any time you receive an email that claims to have updated COVID-19 data, use your browser to visit the official website instead of opening an attachment or clicking a link.

Stop, Look, and Think. Don't be fooled.
The KnowBe4 Security Team

Back to Top