Several cybercriminal groups are taking advantage of the current Monkeypox outbreaks to deceive concerned victims into providing their data and critical information.
Monkeypox has been a hot topic these past few months because it raises concerns similar to those around the COVID-19 virus. For this reason, several threat actors use the outbreak as a lure to make their attacks easier and more effective, betting on people’s curiosity and fear.
Threat actors were disseminating phishing emails to employees in South Africa, presenting the emails as instructions from the company that needed to be distributed among its employees.
The phishing email’s content claimed that the targeted organisations had been monitoring the spread of the Monkeypox disease in the local area. The email also stated that employees should comply with its contents so that an immediate update could be given to the local health officials, WHO, and CDC.
The email urges the employees to complete mandatory safety awareness training regarding the Monkeypox disease via the link included in the email.
The threat actors presented the Monkeypox warnings as a new company policy in order to trick the targeted employees into complying with whatever the phishing email instructed. The employees were then asked to access a link in the email.
The phishing email is made to look like an internal company email in order to steal an employee’s login credentials. Staff members are likely to open the link in the email and enter their login credentials if they think it is a legitimate company email.
The adversaries can then harvest the provided credentials and upload them to their servers. The harvested credentials will be utilised to access the systems of the targeted firms and exfiltrate other information.
This recent cybercriminal campaign has once again shown how threat actors can take advantage of current trends and turn them into something profitable. Companies should provide security awareness training to employees to reduce the chances of their being deceived by phishing emails.