Security News > 2020 > March > Spear-Phishing Attack Lures Victims With ‘HIV Results’
Recently discovered spear-phishing emails are using a unique "Scare-factor" lure to convince victims to open attached malicious Microsoft Excel documents: Their HIV test results.
"But they should never lead us to fall victim to phishing campaign. Threat actors regularly use purported health information in their phishing lures because it evokes an emotional response that is particularly effective in tricking potential victims to open malicious attachments or click malicious links."
Victims received an email purporting to come from "Vanderbit [SIC] Medical," with the subject line "Test result of medical analysis." The body of the email encourages victims to open a malicious Microsoft Excel attachment titled "TestResults.xlsb," claiming that the recipient's HIV results are contained within it.
This most recent spear-phishing attack is a reflection of attackers continuing to use innovative lures to convince victims to click on malicious links or attachments.
If potential victims receive emails claiming to have sensitive health-related information, researchers said they should their medical provider's patient portal directly or call their doctor rather than open the email.
News URL
https://threatpost.com/spear-phishing-attack-lures-victims-with-hiv-results/153536/
Related news
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)