A new e-mail phishing scam has been discovered that aims to use the emerging monkeypox outbreak to trick employees into sharing their personal details.
WHILE more cases of monkeypox are being detected around the world – including South Africa – scammers remain busy.
According to Mimecast Threat Intelligence, a new e-mail phishing scam is doing the rounds using monkeypox to trick people into sharing their personal details.
Mimecast’s Tim Campbell said monkeypox is high on the news agenda so it comes as no surprise that cybercriminals are exploiting it. He said cybercriminals adjust their phishing campaigns to be as timely and relevant as possible, using traditional attack methods to exploit current events in an attempt to lure busy and distracted people to engage with links in e-mails, applications or texts.
“Now, they are using monkeypox as an opportunity to send phishing e-mails to company employees for ‘mandatory monkeypox safety awareness training’.
In this latest phishing campaign, recipients are asked to click on a link to complete ‘mandatory training’ as part of supposed new company policy. As the phishing e-mail is made to look like an internal company e-mail, employees are at risk of clicking the link and entering their login details, which will then be harvested and used to access systems within the organisation to steal information,” Campbell explained.
He warned that phishing scams continue to be a popular attack method against South African organisations, with 65% of respondents in Mimecast’s State of Email Security 2022 reporting an increase in such attacks over the past year.
He said this latest campaign highlights the fact that cybercriminals will exploit the fear and uncertainty caused by the recent news as well as the need for cybersecurity awareness training within organisations to reduce employees falling for this type of phishing campaign.
Campbell said with cyberattacks, it is a question of when, not if one will occur.
“It is important for organisations to have adequate, cybersecurity measures in place as well as a well-rehearsed cyber resilience response plan. Cybersecurity awareness training for their staff needs to be frequent and engaging to ensure they avoid clicking on risky links. Employees must scrutinise suspicious e-mails and not click on links if in any doubt,” he said.
On Thursday, the Health Department confirmed SA’s first monkeypox case. Health Minister Dr Joe Phaahla said the patient was a 30-year-old male from Johannesburg who has no travel history, meaning that this cannot be attributed to having been acquired outside South Africa.
“Working with the relevant health authorities a process of contact tracing has begun. The National Institute of Communicable Diseases is conducting online in service training for our health workers for them to be able to detect the disease so that the necessary laboratory tests can be done. The disease only spread through close droplets so you cannot get by being in the same room with an infected person,” he said.