A new type of phishing email warns recipients that they have come into contact with a friend or colleague who has been diagnosed with the coronavirus, according to security training firm KnowBe4.
Those who believe it are directed to download a malicious attachment and rush to a hospital.
The scam is detectable by few anti-virus applications, the company says.
The email, which appears to come from a legitimate hospital, instructs the victim to complete a pre-filled Excel form — a trojan downloading Office document.
"This is a new type of malware that we're seeing, as it was reported for the first time just a few days ago," states Eric Howes, principal lab researcher for KnowBe4.
Howes adds, "For the bad guys, this is a target-rich environment that prays on end users' fears and heightened emotions during this pandemic.”
The company reports that the malware has advanced functions that allow it to worm its way deep into a system and serve a variety of criminal activities.
“Employees need to be extra cautious when it comes to any emails related to COVID-19 and they need to be trained and educated to expect them, accurately identify them and handle them safely," Howes says.