Monkeypox Scams Continue to Increase

Monkeypox Scams RisingAttackers are taking advantage of the current news about monkeypox to trick people into clicking on malicious links, Pickr reports. Researchers at Mimecast have spotted a phishing campaign that impersonates companies in an attempt to trick employees into visiting phony health safety sites that steal their information.

The subject line is designed to grab the user’s attention, stating, “Attention all [Company] Employees - Please Read and Comply.”

The emails then state, “[Company name] has been closely monitoring developments related to the Monkeypox outbreak, including all updates provided by the Centers for Disease Control, World Health Organization, and local health officials. In an effort to keep all team members safe and informed, as well as our business protected, included here are the precautions that have been put in place.”

The email includes a link that says, “Click here to complete Mandatory Monkeypox safety awareness training.” This link leads to a phishing site that will steal their information.

Tim Campbell, Head of Threat Intelligence Analysis at Mimecast, stated that criminals frequently take advantage of current news.

“Monkeypox is high on the news agenda so it comes as no surprise that cyber criminals are exploiting it,” Campbell said. “Cybercriminals [are] adjust their phishing campaigns to be as timely and relevant as possible, using traditional attack methods to exploit current events in an attempt to lure busy and distracted people to engage with links in emails, applications or texts.... Now, they are using monkeypox as an opportunity to send phishing emails to company employees for ‘mandatory monkeypox awareness training. As the phishing email is made to look like an internal company email, employees are at risk of clicking the link and entering their login details, which will then be stolen and used to access systems within the organisation and steal information.”

People have probably been primed by the COVID pandemic to take healthcare warnings seriously, and so bad actors will seek to use their attention against them. New-school security awareness training can give your employees a healthy sense of suspicion so they can recognize red flags associated with social engineering attacks.

Pickr has the story.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Anti-Phishing Guide ebook

Get the latest about social engineering

Subscribe to CyberheistNews