Amy Stevens of the PR group Davies Murphy became part of the story when Eduard Kovacs at SoftPedia picked up on her tweet about a phishing email she just received. If you recently had a blood test (and many of us have)... beware! He started with:
"Cybercriminals have hit a new low. They’re telling users they might have cancer just to trick them into installing a piece of malware on their computers."
The email is being send as part of a phishing campaign that uses the excellent reputation of the United Kingdom’s National Institute for Health and Care Excellence (NICE). The malicious notifications carry the subject line “IMPORTANT: blood analysis results” and come from a spoofed email address" firstname.lastname@example.org.
Now, you might think the UK is far away so this does not concern you. Think again. The UK is often used as a test bed by the Russian cybermafia, and you will see this in the U.S in the near future. The malicious emails read something like this:
“We have been sent a sample of your blood analysis for further research. During the complete blood count (CBC) we have revealed that white blood cells is very low, and unfortunately we have a suspicion of a cancer. We suggest you to print out your CBC test results and interpretations in attachment below and visit your family doctor as soon as possible.”
The PDF file that’s attached to the emails is not a CBC test result, but a double extension file (CBC_scaned_584444449.pdf.exe) and will install malware on your PC. At the time of writing, 14 of the 50 antivirus products detect the file as being malicious. Here is how the email looks:
So, STOP LOOK THINK before you click! And get some effective security awareness training in place.