New Phishing Attack Tells Recipient They May Have Contracted COVID-19

Posted in: Resources » Cyber Heads-up


As the world continues to face the COVID-19 pandemic, attackers are preying on our fears more than ever. There is no depth to which cybercriminals will not sink, even in the case of a worldwide crisis. It’s unfortunate, but some people just want to watch the world burn. For instance…

A recent phishing campaign consists of messages that suggest the user may have been in contact with someone infected with COVID-19. The emails go on to explain that the user will be required to present a Microsoft Excel spreadsheet questionnaire attached to the email billed as a “pre-filled form” when they arrive at the emergency room. When the user opens the excel spreadsheet it prompts them to “Enable Content” which allows the malicious macros on the backend of the spreadsheet to download malware to the victim user’s computer.

Attackers have used this sort of attack to launch malware that can:

  • Steal sensitive information;
  • Install ransomware that encrypts the data on the device and replicates across entire networks;
  • Loads additional malware on to the device such as spyware or adware; and
  • Launches attacks against other devices on the network from your devices, and more.

Assura’s Take

The cyber threat environment in the face of the COVID-19 crisis is more dangerous than anything we’ve ever witnessed. The bad guys are launching new campaigns that prey on people’s fear and the new style of working from home for millions of employees.

The macro-laden Excel document uses an attack called “fileless malware”. It’s “fileless” because rather than the malicious code being contained in a purpose-built piece of code, it uses commands built into the operating system to do its dirty work. Unfortunately, only a handful of antivirus software packages can stop this type of attack.

As always, Assura advises that you remind your end-users to not open any email attachments from persons they do not know and with whom they’ve never corresponded previously. Anyone who has concerns about COVID-19 or the possibility that they were in contact with an infected individual should rely on their local health department for information and advice, not unsolicited emails.

Remind users to ask themselves these questions:

  • Did I provide my personal or work email to a medical professional/group who would use it to contact me about COVID-19?
  • Do I recognize the email address or domain?
  • Are there misspellings or links, that when hovered over, that do not go to a legitimate website?
  • Is the sender trying to create fear, a sense of urgency, utilize a position of authority or tug on my heartstrings to make me do something I should not?

If you have an awareness and training platform, the major platforms are releasing awareness and training content specifically around COVID-19 scams. We also recommend conducting COVID-19 related phishing campaigns so that you have an understanding of your organization’s risk of falling victim to these scams. If you are an Assura Virtual ISO or Managed Security Awareness and Training client, your primary point-of-contact can assist you with this.

If you’re an Assura Email Security, Endpoint Security, Managed SIEM Shield, Ransomware Protection Pack, or Election Protection Pack client, we’re actively protecting you against these attacks.

Stay safe, stay healthy, and as always feel free to submit any questions you may have about this or any other cybersecurity matter through our website or to [email protected].


The Assura Team