Hackers are preying on fear and concern over the COVID-19 pandemic, sending emails offering coronavirus testing and warnings encrypted with hidden tracking malware called "Trickbot" which is engineered to record passwords and bank data, according to Microsoft Security Intelligence.
According to Microsoft security, 60,000 of the malware-laden emails are stopped daily before they can attack an unwary recipient.
Don't get phished. 🎣 Attackers are attempting to steal data and passwords using fake #COVID-19 emails.— Microsoft (@Microsoft) April 10, 2020
Look out for these signs to stay safe, and tag someone you know who needs to see this. ⬇️ pic.twitter.com/jxa5I9SYT5
"The bait that's hanging in front of you right now is coming out of the woodwork, absolutely," said Mike Hamilton, founder and chief information security officer for Seattle-based CI Security. He said hackers have been able to hide hundreds of dangerous attachments in links.
“The most clever one I’ve seen is a text message that people get that says ‘Your phone has been monitored as being near a phone of someone who has been diagnosed with COVID-19, and you need to click this link right here on your phone,'” he said.
Trickbot is designed specifically to steal your bank and payment credentials by grabbing passwords as you authenticate them. It can steal passwords from PayPal, Amazon and virtually any service used to move around money.
Security experts told KIRO-TV that avoiding this financially crippling virus is as simple as applying a simple test.
“You should ask yourself 'Why did some internet rando just send me that?” Hamilton said.
About the Author