Cybercriminals Take Advantage Of Monkeypox
Phishing campaign specifically uses employee fears and insecurities to launch attacks.
Cybersecurity expert Mimecast has discovered a new global phishing campaign that specifically plays on society’s concerns. Cybercriminals are using a current topic as an opportunity to trick employees: monkeypox. Globally, around 1,600 emails related to the disease have already been identified. There are no known cases in Germany, but it is likely that the attack will spread here as well.
Monkey pox lures into the cyber trap
The perpetrators send deceptively genuine-looking phishing emails to employees on behalf of their company. In these, they are asked to complete mandatory monkeypox awareness training – supposedly to be able to protect their team members and ultimately their company against the new disease. Attached is a link that is supposed to lead to the alleged training. However, if you click on this link, you land on a fake Office 356 login page. The criminals’ goal is to obtain employee login credentials to eventually gain access to corporate systems to steal more information.
“Monkeypox is at the top of the agenda, as such it is not surprising that cybercriminals exploit this for their schemes. They tailor their phishing campaigns to the most current events possible. Combined with traditional attack methods, they ultimately try to lure unwary individuals into the trap with links in emails, applications or texts,” said Tim Campbell, Head of Threat Intelligence Analysis at Mimecast. “Organizations should integrate appropriate security measures and have a cyber resilience strategy in place to protect themselves. In addition, their employees’ awareness needs to be raised to ensure they don’t click on suspicious links in the first place.”