(Photo Courtesy of CDC/Getty Images)
- The current monkeypox
outbreak, like the Covid-19 pandemic, has been a source for misinformation and
- Now, it’s being used as a
topic in an email phishing scam that’s been detected in South Africa.
- The email purports to be
from a company addressing its employees on “mandatory monkeypox safety
Interest around the current monkeypox
outbreak is being used by cybercriminals in a phishing scam that’s been
reported globally and, recently, in South Africa.
More than 1,200 cases of monkeypox
have been identified by the World Health Organisation (WHO) across 28 countries
where the virus had not usually or had not previously been reported prior to 13
The outbreak is more concentrated in
Europe and North America, with the United States’ Centers for Disease Control
and Prevention (CDC) recently ramping up the alert level associated with
monkeypox, warning people to “practice enhanced precautions”.
Monkeypox virus is an orthopoxvirus
that causes a disease with symptoms similar to, but less severe than, smallpox,
according to the WHO. Symptoms include fever, an extensive characteristic rash
and swollen lymph nodes. In recent times, the case fatality ratio has been
around 3% to 6%.
Monkeypox, like the Covid-19 pandemic,
has been the target of misinformation campaigns. Now, it’s being used as a
topic to scam people through emails.
“Monkeypox is high on the news
agenda, so it comes as no surprise that cybercriminals are exploiting it,”
explained Tim Campbell, head of threat intelligence at Mimecast.
“Cybercriminals adjust their
phishing campaigns to be as timely and relevant as possible, using traditional
attack methods to exploit current events in an attempt to lure busy and
distracted people to engage with links in emails, applications or texts. Now,
they are using monkeypox as an opportunity to send phishing emails to company
employees for ‘mandatory monkeypox safety awareness training’.”
The latest phishing scam, which
Campbell confirmed to Business Insider SA had been detected in the country,
uses an email disguised as originating from a company to its employees.
Example of the monkeypox email phishing scam (Supplied by Mimecast)
The email notes that the
“company” has been monitoring developments surrounding the monkeypox
outbreak and cites updates provided by the CDC, WHO, and “local health
“In an effort to keep all team
members safe and informed, as well as our business protected, included here are
the precautions that have been put in place,” states the email. The
recipient is then advised to click on the link provided, which purports to be
for “mandatory monkeypox safety awareness training”.
Clicking the link and entering
personal details when prompted allows the cybercriminals to harvest that
information and use it to gain access to other systems, enabling the theft of
further sensitive data.
The phishing campaign exploits the
public’s awareness of health emergencies, preying on the need for information
honed during the Covid-19 pandemic – particularly when it comes to company
policies – and using it within the context of the monkeypox outbreak, said
Campbell points out that phishing
scams continue to be a popular attack method against South African
organisations, with the majority of respondents to its recent security survey
indicating that attacks had increased over the past year.