SA’s seeing emails about ‘mandatory training’ for monkeypox prevention – it’s a scam | #phishing | #scams



(Photo Courtesy of CDC/Getty Images)

  • The current monkeypox
    outbreak, like the Covid-19 pandemic, has been a source for misinformation and
    conspiracy theories.
  • Now, it’s being used as a
    topic in an email phishing scam that’s been detected in South Africa.
  • The email purports to be
    from a company addressing its employees on “mandatory monkeypox safety
    awareness training”.
  • For more stories go to
    www.BusinessInsider.co.za.

Interest around the current monkeypox
outbreak is being used by cybercriminals in a phishing scam that’s been
reported globally and, recently, in South Africa.

More than 1,200 cases of monkeypox
have been identified by the World Health Organisation (WHO) across 28 countries
where the virus had not usually or had not previously been reported prior to 13
May.

The outbreak is more concentrated in
Europe and North America, with the United States’ Centers for Disease Control
and Prevention (CDC) recently ramping up the alert level associated with
monkeypox, warning people to “practice enhanced precautions”.

Monkeypox virus is an orthopoxvirus
that causes a disease with symptoms similar, but less severe, to smallpox,
according to the WHO. Symptoms include fever, an extensive characteristic rash
and swollen lymph nodes. In recent times, the case fatality ratio has been
around 3% to 6%.

Monkeypox, like the Covid-19 pandemic,
has been the target of misinformation campaigns. Now, it’s being used as a
topic to scam people through emails.

“Monkeypox is high on the news
agenda, so it comes as no surprise that cybercriminals are exploiting it,”
explained Tim Campbell, head of threat intelligence at Mimecast.

“Cybercriminals adjust their
phishing campaigns to be as timely and relevant as possible, using traditional
attack methods to exploit current events in an attempt to lure busy and
distracted people to engage with links in emails, applications or texts. Now,
they are using monkeypox as an opportunity to send phishing emails to company
employees for ‘mandatory monkeypox safety awareness training’.”

The latest phishing scam, which
Campbell confirmed to Business Insider SA had been detected in the country,
uses an email disguised as originating from a company to its employees.

Monkeypox South Africa

Example of the monkeypox email phishing scam (Supplied by Mimecast)

The email notes that the
“company” has been monitoring developments surrounding the monkeypox
outbreak and cites updates provided by the CDC, WHO, and “local health
officials”.

“In an effort to keep all team
members safe and informed, as well as our business protected, included here are
the precautions that have been put in place,” states the email. The
recipient is then advised to click on the link provided, which purports to be
for “mandatory monkeypox safety awareness training”.

Clicking the link and entering
personal details when prompted allows the cybercriminals to harvest that
information and use it to gain access to other systems, enabling the theft of
further sensitive data.

The phishing campaign exploits the
public’s awareness of health emergencies, preying on the need for information
honed during the Covid-19 pandemic – particularly when it comes to company
policies – and using it within the context of the monkeypox outbreak, said
Mimecast.

Campbell points out that phishing
scams continue to be a popular attack method against South African
organisations, with the majority of respondents to its recent security survey
indicating that attacks had increased over the past year.

Get the best of our site emailed to you every weekday.

Go to the Business Insider front page for more stories.



Original Source link

Leave a Reply

Your email address will not be published.

seventy nine − = 69