Cybercriminals are using monkeypox outbreaks to fool victims into disclosing their personal information. Monkeypox is high on the news agenda, and people's curiosity and fear about it make the topic an easy lure for attackers.

What’s the campaign?

Recently, cybercriminals have been observed sending phishing emails to employees in South Africa that pose as instructions from their company to all its employees.
  • The email claims that the organization has been monitoring the spread of the disease in the local area and the updates provided by local health officials, the CDC, and WHO.
  • The email urges the employees to take mandatory safety awareness training about monkeypox via the link given in the email.

How does the attack work?

The targeted recipients are asked to click on a link to take part in a new company policy.
  • The phishing email is carefully crafted to look like an internal company email, with the goal of stealing staff login details.
  • Believing the email is legitimate, staff members could open the link and enter their login details, which the attackers harvest on their servers.
  • The harvested login details are used to access systems within targeted firms and exfiltrate information.

Conclusion

This recent campaign once again highlights that subjects tied to international pandemic situations, such as COVID-19 and now monkeypox, can be effective in scamming people. It is therefore suggested that organizations provide security awareness training to employees to keep them from falling for such threats.
Cyware Publisher
