Beware of COVID-19 email infections from ‘Trickbot’ say Microsoft and cyber-security experts

Hackers are preying on fear and concern over the COVID-19 pandemic, sending emails offering coronavirus testing and warnings encrypted with hidden tracking malware called “Trickbot” which is engineered to record your passwords and bank data, according to Microsoft Security Intelligence.

According to Microsoft security, 60,000 of the malware-laden emails are stopped daily, before they can attack an unwary recipient.

“The bait that’s hanging in front of you right now is coming out of the woodwork, absolutely,” said Mike Hamilton, founder and chief information security officer for Seattle-based CI Security. Hamilton says hackers have been able to hide hundreds of dangerous attachments to links.

"The most clever one I've seen is a text message that people get that says 'Your phone has been monitored as being near a phone of someone who has been diagnosed with COVID-19, and you need to click this link right here on your phone."'

Trickbot is designed specifically to steal your bank and payment credentials by grabbing passwords as you authenticate them. It can do it with PayPal, Amazon, and virtually anywhere you move around money.

Security experts say avoiding this financially crippling virus is as simple as applying a simple test: “You should ask yourself 'Why did some internet rando just send me that?” Hamilton asked.