Mimecast has discovered a new email phishing campaign that aims to use the emerging monkeypox outbreak to trick employees into sharing their personal details.
“Monkeypox is high on the news agenda so it comes as no surprise that cybercriminals are exploiting it,” says Tim Campbell, head of threat intelligence at Mimecast. “Cybercriminals adjust their phishing campaigns to be as timely and relevant as possible, using traditional attack methods to exploit current events in an attempt to lure busy and distracted people to engage with links in emails, applications or texts.
“Now, they are using monkeypox as an opportunity to send phishing emails to company employees for ‘mandatory monkeypox safety awareness training’.”
In this latest phishing campaign, recipients are asked to click on a link to complete ‘mandatory training’ as part of a supposed new company policy. As the phishing email is made to look like an internal company email, employees are at risk of clicking the link and entering their login details, which will then be harvested and used to access systems within the organisation to steal information.
Phishing scams continue to be a popular attack method against South African organisations, with 65% of respondents in Mimecast’s State of Email Security 2022 reporting an increase in such attacks over the past year.
This latest campaign highlights the fact that cybercriminals will exploit the fear and uncertainty caused by the recent news as well as the need for cybersecurity awareness training within organisations to reduce employees falling for this type of phishing campaign.
“With cyberattacks, it is a question of when not if one will occur,” says Campbell. “It is important for organisations to have adequate, cybersecurity measures in place as well as a well-rehearsed cyber resilience response plan. Cybersecurity awareness training for their staff needs to be frequent and engaging to ensure they avoid clicking on risky links. Employees must scrutinise suspicious emails and not click on links if in any doubt.”