Security awareness training and simulated phishing provider KnowBe4 has announced that it has discovered a new type of phishing scam warning people that they’ve come into contact with a friend/colleague/family member who has been infected with the coronavirus and so are at risk of being infected themselves.
The email, which is crafted to appear as though it has come from a legitimate hospital, instructs users to download a malicious attachment and proceed immediately to the hospital.
The attachment contains hidden malware, KnowBe4 explained, with a number of advanced functions that allow it to evade detection by security applications, worm its way deep into an infested system and serve as a platform for a variety of criminal activities.
“This is a new type of malware that we’re seeing, as it was reported for the first time just a few days ago,” said Eric Howes, principal lab researcher, KnowBe4. “For the bad guys, this is a target-rich environment that preys on end-users’ fears and heightened emotions during this pandemic. Employees need to be extra cautious when it comes to any emails related to COVID-19 and they need to be trained and educated to expect them, accurately identify them and handle them safely.”
The latest discovery is yet another example of how cyber-criminals are seeking to exploit people through phishing emails during the COVID-19 pandemic.