Microsoft alerts users of massive phishing attack: What to do now


Microsoft has warned users about a persistent email phishing threat that targets users with a morbid, coronavirus-related lure and a leading medical institution's likeness.

COVID-19 email scams have run rampant since the pandemic started, with bad actors hoping to benefit from heightened fear and internet usage. The one the Microsoft Security Intelligence team is tracking claims to contain an updated death count from Johns Hopkins, which pioneered coronavirus maps and case tracking efforts.

Except, according to Microsoft, the email's Excel attachment doesn't just display a chart with the number of coronavirus-related deaths in the US — when opened, the hostile file prompts users to 'Enable Content.'

Once an unsuspecting victim carries out this action, the Excel file's malicious macros download and install the NetSupport Manager client, which the attackers use as a remote access trojan, or RAT.

NetSupport Manager's remote administration tool then lets a hacker hijack the user's system and even execute commands on it remotely.

The Microsoft Security Intelligence team issued this alert via Twitter, using a thread to explain how a number of different dirty Excel files all trace to the same URL.

"The hundreds of unique Excel files in this campaign use highly obfuscated formulas, but all of them connect to the same URL to download the payload," Microsoft wrote. "NetSupport Manager is known for being abused by attackers to gain remote access to and run commands on compromised machines."

Is this email a scam? How to protect yourself

Although the NetSupport Manager tool is useful for legitimate remote administration, hackers can easily abuse it as a RAT.

If a bad actor accesses your system through NetSupport Manager, your entire computer is compromised. The hacker has the means to command your machine, install files and steal personal data.

You can protect your information and your device with a healthy dose of skepticism. Whenever you receive emails from people outside of your contact list, don't click on any internal links and examine the sender's email address.

Malicious addresses often contain misspelled words or random combinations of letters and numbers, too.
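The two sender checks described above (misspelled names, random letter-and-number combinations) can be automated for mail triage. The following is an added example, not code from Microsoft or from this article; the `TRUSTED_DOMAINS` list, the thresholds and the sample headers are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: domains you genuinely expect mail from (constructed sample values).
TRUSTED_DOMAINS = {"example-hospital.org", "example.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using one rolling row of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def looks_generated(local: str) -> bool:
    """True when the mailbox name flips between letters and digits 3+ times."""
    flips = re.findall(r"(?<=[a-z])(?=\d)|(?<=\d)(?=[a-z])", local.lower())
    return len(flips) >= 3

def check_sender(from_header: str) -> list[str]:
    """Return the reasons a From: header deserves a closer look (empty = none)."""
    _display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parseable email address"]
    local, _, domain = addr.lower().rpartition("@")
    reasons = []
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            # Within two edits of a trusted name: likely a deliberate misspelling.
            if edit_distance(domain, trusted) <= 2:
                reasons.append(f"domain '{domain}' resembles '{trusted}'")
    if looks_generated(local):
        reasons.append(f"mailbox '{local}' looks machine-generated")
    return reasons

if __name__ == "__main__":
    # Constructed sample headers, not taken from the campaign.
    for header in ("Updates <alerts@example-hospital.org>",
                   "Updates <alerts@examp1e-hospital.org>",
                   "k3x9qz71@mail.example"):
        print(header, "->", check_sender(header) or "nothing flagged")
```

An empty result only means these two heuristics found nothing; it does not show that the message is legitimate.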

It could also help to install and run some of the best antivirus software, not just on Windows but on Mac and Android too. Most of the attacks we've seen in recent months are already well known and will be detected and stopped by AV software.

Kate Kozuch
