In recent days Microsoft has issued, through the official Twitter channel of its Security Intelligence division, several warnings about "massive" phishing campaigns that take advantage of the attention and thirst for information surrounding the COVID-19 pandemic to catch their audience off guard and mislead them.
In particular, Microsoft highlights the email phishing campaign that started on May 12 and seeks to exploit the image and authoritative stature of the Johns Hopkins Center to spread a self-styled "WHO COVID-19 SITUATION REPORT" via an Excel file.
Hidden inside the file is a malicious Excel 4.0 macro that downloads and starts NetSupport Manager, a remote access tool (RAT). This is a particularly insidious ploy, because NetSupport Manager is entirely legitimate software whose purpose is to help carry out remote technical support.
We're tracking a massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros. The COVID-19 themed campaign started on May 12 and has so far used several hundreds of unique attachments. pic.twitter.com/kwxOA0pfXH
– Microsoft Security Intelligence (@MsftSecIntel) May 18, 2020
Microsoft Security Intelligence also warns of another campaign that advertises the possibility of carrying out a "check" or "test" linked to the coronavirus and requests the user's personal data.
Trickbot remains to be one of the most common payloads in COVID-19 themed campaigns. A new Trickbot campaign that launched on May 18 uses emails that claim to offer "personal coronavirus check", an iteration of the "free COVID-19 test" we've seen in previous Trickbot spam runs. pic.twitter.com/pU2MgBNJcE
– Microsoft Security Intelligence (@MsftSecIntel) May 19, 2020
Although these two campaigns are mostly designed for an English-speaking audience, what matters most, and deserves a few more words, is the basic principles. This is not the first time we have had news of such episodes, and in all probability it will not be the last.
The phase that the world is going through, with the emotional turmoil triggered by the events following the COVID-19 pandemic, represents ideal terrain for web scammers. In moments of profound uncertainty like these it is normal to feel lost, bewildered and apprehensive, and to live every day with concern: we become more vulnerable to those little things that we believe can give us a little hope, or that maliciously respond to a concern, and precisely for this reason make us let our guard down. It is the exploitation of emotional triggers, the basis of social engineering, that drives both computer-based and non-IT scams.
As always in these cases, it is good to try not to let your guard down and to follow the "trust no one" principle. Let us try to treat as an alarm bell, for example, any invitation to download an attachment or to transmit our personal data, whoever the interlocutor: a little more zeal and distrust can spare us unpleasant consequences. Better safe than sorry, as the saying goes.