Cybercriminals who specialize in phishing attacks have been exploiting the coronavirus for the past couple of months. These emails typically refer to COVID-19 in some way or impersonate certain health-related agencies such as the World Health Organization. But they all count on one factor–fear about the virus. Now, a new series of phishing emails have emerged that exploit an even bigger fear, that of actually catching the virus.

SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic Premium)

Described in a Saturday blog post by KnowBe4, which discovered them on Friday, these new phishing emails warn recipients that they’ve been exposed to the coronavirus through personal contact with a colleague, friend, or family member. The email instructs them to download an attached Excel spreadsheet and proceed immediately to the nearest emergency clinic. To lend credence to the warning, the sender claims to be an official at a hospital.


The attached spreadsheet purports to be a pre-filled form that recipients need to bring with them to the hospital. In reality, the spreadsheet is malware. If opened, the file asks the user to enable macros and then downloads a nasty backdoor trojan. Evading detection by many antivirus applications, the trojan burrows its way into an infected system and serves as a launching pad for other criminal activities, according to KnowBe4.

“This is a new type of malware that we’re seeing, as it was reported for the first time just a few days ago,” Eric Howes, principal lab researcher for KnowBe4, said in a press release. “For the bad guys, this is a target-rich environment that preys on end-users’ fears and heightened emotions during this pandemic. Employees need to be extra cautious when it comes to any emails related to COVID-19, and they need to be trained and educated to expect them, accurately identify them, and handle them safely.”

To protect your organization and your employees from this type of phishing scam, KnowBe4 offers the following tips:

  • VPN. Make sure your remote workers are connecting to the network through a VPN.
  • SSO and MFA. Implement a Single Sign On (SSO) for your employees backed up by Multi-Factor Authentication (MFA).
  • Training. Set up an immediate and vigorous security awareness training campaign for your employees.
  • Patching. Make sure to patch all machines in the cloud, in the office, and at home.

Image: magann, Getty Images/iStockphoto