PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Hackers Try to Phish Business Executives With COVID-19 Bonus Promise

The hackers sent millions of phishing emails, largely directed at chief executives and senior managers in both the private and public sector, according to Microsoft.

Michael Kan
 & Michael Kan Principal Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

Watch out for emails claiming to offer a “COVID-19 bonus.” According to Microsoft, a pair of hackers has been using the term to trick business employees into handing over access to their email accounts. 

On Tuesday, the company detailed the phishing attacks, which have been attempting to take over Microsoft Office 365 accounts from business users across 62 different countries. 

Microsoft has been observing the hacking group’s phishing scams since December; they initially involved generic business subject lines, such as “Q4 report — Dec 19.” However, in recent weeks, the duo has been exploiting the pandemic to manipulate users into opening their malicious emails, including use of the term “COVID-19 bonus” on links or files attached to the emails. “Once victims clicked on the deceptive links, they were ultimately prompted to grant access permissions to a malicious web application,” wrote Microsoft corporate vice president Tom Burt in a blog post

The COVID-19 themed email (Credit: Microsoft)

The malicious web application tries to look like a legitimate product from Microsoft. For instance, the hackers named one such app “0365 access.” The same app also doesn't attempt to ask you for your login or password.

Instead, it tries to trick the victim into signing off on some powerful privileges, including the ability to read emails over their Office 365 account, and to even change the mail settings. 

The malicious app and the permissions it asks for (Credit: Microsoft)

Making the scheme look even more legitimate is how victims will be first sent to the official Microsoft 365 login page before they're redirected to grant permissions to the malicious app.

If the victims falls for the trap, the phishing attack can then pave for what’s called “business email compromise” schemes, in which the hackers can trick a company’s staff into wiring large sums of money to them. The same access can also give the attackers the ability to view sensitive company information.

Related

According to Microsoft, the pair of anonymous hackers sent millions of phishing emails, largely directed at chief executives and senior managers in both the private and public sector. 

(Credit: Microsoft)

To stop the attacks, Microsoft filed a lawsuit to seize control over six internet domains the hackers have been using to host their malicious web applications. On Tuesday, the US District Court for the Eastern District of Virginia granted the company control of the six domains.

The phishing scheme is a reminder to be careful around suspicious third-party apps; if they ask for powerful permissions, you may want to avoid installing them.

Further Reading

Security Reviews

Security Best Picks

About Our Expert

Michael Kan

Michael Kan

Principal Reporter

My Experience

I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.

Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.

I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.

I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.

The Best Tech I've Had:

  • My first video game console: a Nintendo Famicom
  • I loved my Sega Saturn despite PlayStation's popularity.
  • The iPod Video I received as a gift in college
  • Xbox 360 FTW
  • The Galaxy Nexus was the first smartphone I was proud to own.
  • The PC desktop I built in 2013, which still works to this day.

Read the latest from Michael Kan

Read full bio