Security News > 2020 > March > Spear-Phishing Attack Lures Victims With ‘HIV Results’
Recently discovered spear-phishing emails are using a unique "Scare-factor" lure to convince victims to open attached malicious Microsoft Excel documents: Their HIV test results.
"But they should never lead us to fall victim to phishing campaign. Threat actors regularly use purported health information in their phishing lures because it evokes an emotional response that is particularly effective in tricking potential victims to open malicious attachments or click malicious links."
Victims received an email purporting to come from "Vanderbit [SIC] Medical," with the subject line "Test result of medical analysis." The body of the email encourages victims to open a malicious Microsoft Excel attachment titled "TestResults.xlsb," claiming that the recipient's HIV results are contained within it.
This most recent spear-phishing attack is a reflection of attackers continuing to use innovative lures to convince victims to click on malicious links or attachments.
If potential victims receive emails claiming to have sensitive health-related information, researchers said they should their medical provider's patient portal directly or call their doctor rather than open the email.
News URL
https://threatpost.com/spear-phishing-attack-lures-victims-with-hiv-results/153536/
Related news
- Russian Star Blizzard Targets WhatsApp Accounts in New Spear-Phishing Campaign (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- How to Prevent Phishing Attacks with Multi-Factor Authentication (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)