Attackers are taking advantage of the current news about monkeypox to trick people into clicking on malicious links, Pickr reports. Researchers at Mimecast have spotted a phishing campaign that impersonates companies in an attempt to trick employees into visiting phony health safety sites that steal their information.
The subject line is designed to grab the user’s attention, stating, “Attention all [Company] Employees - Please Read and Comply.”
The emails then state, “[Company name] has been closely monitoring developments related to the Monkeypox outbreak, including all updates provided by the Centers for Disease Control, World Health Organization, and local health officials. In an effort to keep all team members safe and informed, as well as our business protected, included here are the precautions that have been put in place.”
The email includes a link that says, “Click here to complete Mandatory Monkeypox safety awareness training.” This link leads to a phishing site that will steal their information.
Tim Campbell, Head of Threat Intelligence Analysis at Mimecast, stated that criminals frequently take advantage of current news.
“Monkeypox is high on the news agenda so it comes as no surprise that cyber criminals are exploiting it,” Campbell said. “Cybercriminals [are] adjust their phishing campaigns to be as timely and relevant as possible, using traditional attack methods to exploit current events in an attempt to lure busy and distracted people to engage with links in emails, applications or texts.... Now, they are using monkeypox as an opportunity to send phishing emails to company employees for ‘mandatory monkeypox awareness training. As the phishing email is made to look like an internal company email, employees are at risk of clicking the link and entering their login details, which will then be stolen and used to access systems within the organisation and steal information.”
People have probably been primed by the COVID pandemic to take healthcare warnings seriously, and so bad actors will seek to use their attention against them. New-school security awareness training can give your employees a healthy sense of suspicion so they can recognize red flags associated with social engineering attacks.
Pickr has the story.