Microsoft Issues Warning Over Scam COVID-19 E-Mails
Mike Sanders / 5 years ago
We all know that the internet can sometimes be a dodgy place with a lot of people merely looking to steal your data. For the more savvy user, however, the risks can be minimized or, perhaps more accurately, its easier to spot something that seems a bit fishy. It seems, however, that a new e-mail phishing scam is making the rounds that directly looks to tap into the COVID-19 situation. Nothing entirely surprising there, right?…
Well, with a new scam specifically looking to utilize a semi-security flaw in Excel, however, Microsoft feels its best to give you all a warning to watch out for it!
We’re tracking a massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros. The COVID-19 themed campaign started on May 12 and has so far used several hundreds of unique attachments. pic.twitter.com/kwxOA0pfXH
— Microsoft Security Intelligence (@MsftSecIntel) May 18, 2020
Microsoft Warns of COVID-19 Scam E-Mails
So, how does this one work? Well, users can expect to see a ‘COVID-19’ themed e-mail with an Excel document attachment purportedly containing the latest figures from around the world. While this does initially seem legitimate, what most users won’t realize is that the document will then use Excel 4.0 macros to install and run NetSupport Manager. A program that can potentially allow for remote access to your PC.
Initially noticing a spike in Excel 4.0 macros being used earlier this month, Microsoft has concluded that this is part of a new hacking technique that seems to be gaining some traction among the more dubious members of the internet community.
What Should I Do?
Well, as nearly always with scams of this type, it’s reliant on the user doing something to ‘help’. As such, if you receive any e-mails with attachments from people you don’t know, never download and run the file! It’s honestly as simple as that. – For UK residents, you can also report the e-mail (and any other dodgy e-mail activity) to the National Cyber Security Center at ‘report@phishing.gov.uk’.
What do you think? Have you received this scam email? – Let us know in the comments!