Security News > 2020 > March > Spear-Phishing Attack Lures Victims With ‘HIV Results’

Recently discovered spear-phishing emails are using a unique "Scare-factor" lure to convince victims to open attached malicious Microsoft Excel documents: Their HIV test results.

"But they should never lead us to fall victim to phishing campaign. Threat actors regularly use purported health information in their phishing lures because it evokes an emotional response that is particularly effective in tricking potential victims to open malicious attachments or click malicious links."

Victims received an email purporting to come from "Vanderbit [SIC] Medical," with the subject line "Test result of medical analysis." The body of the email encourages victims to open a malicious Microsoft Excel attachment titled "TestResults.xlsb," claiming that the recipient's HIV results are contained within it.

This most recent spear-phishing attack is a reflection of attackers continuing to use innovative lures to convince victims to click on malicious links or attachments.

If potential victims receive emails claiming to have sensitive health-related information, researchers said they should their medical provider's patient portal directly or call their doctor rather than open the email.

News URL

https://threatpost.com/spear-phishing-attack-lures-victims-with-hiv-results/153536/