Tampa Bay, FL – KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced it has discovered a new type of phishing scam warning people that they’ve come into contact with a friend/colleague/family member who has been infected with the coronavirus (COVID-19). The email instructs them to download a malicious attachment and proceed immediately to the hospital.
This particular social engineering scheme appears to come from a legitimate hospital, which is why it’s so alarming and could trick even a cautious end user.
The victim is instructed to fill out a pre-filled Excel form, which is actually a macro-laden Office document that serves as a trojan downloader and is currently only detected by a handful of anti-virus applications.
This piece of malware has a number of advanced functions that allow it to evade detection by security applications, worm its way deep into an infected system, and serve as a platform for a variety of criminal activities.
“This is a new type of malware that we’re seeing, as it was reported for the first time just a few days ago,” said Eric Howes, principal lab researcher, KnowBe4. “For the bad guys, this is a target-rich environment that preys on end users’ fears and heightened emotions during this pandemic. Employees need to be extra cautious when it comes to any emails related to COVID-19 and they need to be trained and educated to expect them, accurately identify them and handle them safely.”
To assist organizations in preparing their employees for secure remote working, KnowBe4 has developed a short, complimentary Coronavirus (COVID-19) Best Practices for Employees video module, available in 10 languages.
For more information, visit the KnowBe4 Blog.
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 31,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security.
Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.