Security News > 2020 > March > Spear-Phishing Attack Lures Victims With ‘HIV Results’
Recently discovered spear-phishing emails are using a unique "Scare-factor" lure to convince victims to open attached malicious Microsoft Excel documents: Their HIV test results.
"But they should never lead us to fall victim to phishing campaign. Threat actors regularly use purported health information in their phishing lures because it evokes an emotional response that is particularly effective in tricking potential victims to open malicious attachments or click malicious links."
Victims received an email purporting to come from "Vanderbit [SIC] Medical," with the subject line "Test result of medical analysis." The body of the email encourages victims to open a malicious Microsoft Excel attachment titled "TestResults.xlsb," claiming that the recipient's HIV results are contained within it.
This most recent spear-phishing attack is a reflection of attackers continuing to use innovative lures to convince victims to click on malicious links or attachments.
If potential victims receive emails claiming to have sensitive health-related information, researchers said they should their medical provider's patient portal directly or call their doctor rather than open the email.
News URL
https://threatpost.com/spear-phishing-attack-lures-victims-with-hiv-results/153536/
Related news
- Google raps Iran's APT42 for raining down spear-phishing attacks (source)
- Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks (source)
- Cybercriminals exploit file sharing services to advance phishing attacks (source)
- Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America (source)
- CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait (source)
- How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (source)
- Novel attack on Windows spotted in phishing campaign run from and targeting China (source)
- Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks (source)
- Chinese national accused by Feds of spear-phishing for NASA, military source code (source)
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)