---
title: "What Follows COVID Phishing Attacks? Black Lives Matter Phishing Attacks! | Phish Protection"
description: "If it"
image: "https://phishprotection.com/og/blog/what-follows-covid-phishing-attacks-black-lives-matter-phishing-attacks.png"
canonical: "https://phishprotection.com/blog/what-follows-covid-phishing-attacks-black-lives-matter-phishing-attacks/"
---

Quick Answer

The most recent \*\*phishing campaign\*\* asks "you to vote anonymously about Black Lives Matter," but in reality, all it's really doing is "spreading the \*\*TrickBot information-stealing malware\*\*. Started as a banking Trojan, the TrickBot has evolved to perform a variety of malicious behavior."

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhat-follows-covid-phishing-attacks-black-lives-matter-phishing-attacks%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=What%20Follows%20COVID%20Phishing%20Attacks%3F%20Black%20Lives%20Matter%20Phishing%20Attacks!&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhat-follows-covid-phishing-attacks-black-lives-matter-phishing-attacks%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhat-follows-covid-phishing-attacks-black-lives-matter-phishing-attacks%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhat-follows-covid-phishing-attacks-black-lives-matter-phishing-attacks%2F&title=What%20Follows%20COVID%20Phishing%20Attacks%3F%20Black%20Lives%20Matter%20Phishing%20Attacks! "Share on Reddit") [ ](mailto:?subject=What%20Follows%20COVID%20Phishing%20Attacks%3F%20Black%20Lives%20Matter%20Phishing%20Attacks!&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhat-follows-covid-phishing-attacks-black-lives-matter-phishing-attacks%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2020/06/phishing-attack-prevention-1100.jpg) 

_If it’s in the news, it’s a phishing attack waiting to happen_. First, it was the popularity of the show [Game of Thrones](/blog/when-it-comes-to-getting-phished-game-of-thrones-is-no-fantasy/). Then it was the new [Star Wars](/blog/may-the-force-be-with-you-that-force-is-a-phishing-attack/) sequel. More recently it was the fear of [COVID-19.](/blog/covid-19-fear-leads-to-trickledown-phishing-scams/) And now, in response to all the recent protests over police brutality, it’s the [Black Lives Matter](https://www.bleepingcomputer.com/news/security/fake-black-lives-matter-voting-campaign-spreads-trickbot-malware/) movement. Apparently, hackers get their ideas for **phishing attacks** from the news.

The most recent **phishing campaign** asks “you to vote anonymously about Black Lives Matter,” but in reality, all it’s really doing is “spreading the **TrickBot information-stealing malware**. Started as a banking Trojan, the TrickBot has evolved to perform a variety of malicious behavior.”

![Phishing attack prevention](https://media.mailhop.org/phishprotection/images/2020/06/phishing-attack-prevention-1100.jpg) 

How does this scam work? _An email pretending to be from “Country administration” asks recipients to vote anonymous about Black Lives Matter_. “The email states, ‘Leave a review confidentially about Black Lives Matter’ and then prompts recipients to fill out and return an attached document named _e-vote\_form\_3438.doc_.”

“When a recipient opens the Word document, they will be greeted with a message stating that they need to click on the ‘Enable Editing’ and ‘Enable Content’ buttons to view the contents properly. Once they click on these buttons, _the Word document will run macros that download a malicious DLL to the computer and execute it_. This DLL is the **TrickBot trojan** that, when executed, will download further modules to the infected computer to steal files, passwords, security keys, spread laterally throughout the network, and allow other threat actors to install ransomware.”

_This phishing attack is in direct contrast to most other phishing attacks_. Most phishing attacks use a **phishing website** to steal your credentials. The scam is to get you to click on a bogus link, go to the website and enter your credentials. But none of that happens here with this phishing scam. _There’s no phishing website and no bogus link_. This makes it even harder to protect yourself without the proper defense.

To protect yourself from this type of phishing attack, you’ll need **email security** that is not only capable of screening emails for malicious links, but also for malicious attachments. You need protection like [Advanced Threat Defense](/products/advanced-threat-defense/) available from Phish Protection.

![Protection from phishing](https://media.mailhop.org/phishprotection/images/2020/06/protection-from-phishing-3310.jpg) 

Advanced Threat Defense from Phish Protection has **real-time link click protection** against both domain name spoofing and display name spoofing. More importantly, _it has malicious attachment blocking, which means emails with a malicious attachment never even make it into your inbox_. That’s protection.

[Phish Protection](/) sets up in 10 minutes, works with all major email services and _only costs pennies per user per month_. Don’t let the latest news-based phishing attack catch you off guard. Get Phish Protection with **Advanced Threat Defense** and keep those hackers at bay. Try it\*\* free for 60 days\*\*.

## Topics

[ Phishing ](/tags/phishing/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Foundational 5m  0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks  Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[  Foundational 4m  13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization  Aug 1, 2019 ](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/)[  Foundational 4m  All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center  May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[  Foundational 4m  2021 Phishing Trends You Need To Be Wary Of  Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"What Follows COVID Phishing Attacks? Black Lives Matter Phishing Attacks!","description":"If it's in the news, it's a phishing attack waiting to happen. First, it was the popularity of the show Game of Thrones. Then it was the new Star Wars sequel.","url":"https://phishprotection.com/blog/what-follows-covid-phishing-attacks-black-lives-matter-phishing-attacks/","datePublished":"2020-06-26T11:06:23.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2020-06-26T11:06:23.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/what-follows-covid-phishing-attacks-black-lives-matter-phishing-attacks/"},"articleSection":"foundational","keywords":"Phishing","wordCount":468,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2020/06/phishing-attack-prevention-1100.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"What Follows COVID Phishing Attacks? Black Lives Matter Phishing Attacks!","item":"https://phishprotection.com/blog/what-follows-covid-phishing-attacks-black-lives-matter-phishing-attacks/"}]}
```