Microsoft Raises Awareness About COVID-19 Phishing Campaign

Excel Documents are Part of New Phishing Campaign Attacks

The coronavirus problem and cybersecurity breaches are no strangers to the other. So much that Microsoft has recently raised awareness about a phishing campaign designed to steal user information. The Microsoft Intel team reports malicious actors to attempt to spy on infected systems with an Excel document. They do so by creating falsified emails in hopes users will click on the attached content.

According to the intel team, the emails typically follow a similar pattern. The title claims the email is from John Hopkins medical, normally with the tagline “WHO COVID-19 SITUATION REPORT.” From there, the reader is prompted to read the attached Excel “reports.” Within the falsified attachment are “reports” of Coronavirus cases with an included warning. According to Microsoft Intel, however, if the doc runs long enough it downloads the malicious NetSupport Manager.

Exploited tools

NetSupport isn’t inherently malicious. But as Microsoft’s report asserts, it’s routinely exploited by attackers to steal personal data and information. This is because, as a remote access tool, it can run commands and unintended operations on infected machines. In other words, if your PC was compromised by the Excel document, hackers could dictate what your system did. It can also attach to a command-and-control server to implement continued exploited commands.

Other similar attacks like Trickbot campaigns employ similar methods, such as sending emails containing a “coronavirus check.” They attempt to steal user information with the falsified messages.

Users should avoid downloading or opening attachments they’re unfamiliar with, especially unverified sources claiming to have information on Coronavirus.

Protecting your information

As always, there is a range of things you, your business, and your staff can do to mitigate risk. Primarily, it comes down to practicing skepticism. It’s also important to recognize the telltale signs of a phishing message or email.

Take extra precautions when reading messages related to the COVID-19 virus, and dismiss any emails requesting you to click on an outbound link
Ignore emails/messages promising medicine, cures, or financial relief – ALWAYS check official sources for the most up-to-date info on COVID-19
Keep your anti-virus software updated
Keep all relevant apps and software for work/personal use running at their latest version
Employ active monitoring on networks to check for unusual network activity
When in doubt, practice zero-trust, only reading an email when it’s been verified by the appropriate parties

Curbing the threat of phishing scams during the Coronavirus outbreak relies on taking extra precautions. Just as you wear masks and practice good sanitation to reduce the risk of contracting the virus, so should you be safe when it comes to the digital world.