A new phishing scam is playing on the public’s fears of the COVID-19 outbreak, according to the world’s largest security-awareness training and simulated phishing platform.

Security awareness firm KnowBe4 said Monday that it had discovered a new type of phishing scam that told victims they had come into contact with a friend, colleague or family member who had been infected with the coronavirus.

The email instructs its victims to download an attachment and then go to the hospital.

“This particular social engineering scheme appears to come from a legitimate hospital, which is why it’s so alarming and could trick even a cautious end user,” KnowBe4 said.

The email instructs the victim to fill out an Excel form. The form is actually a macro-laden Office document that downloads a malicious program.