"Evernote Phishing Scam Targeting Healthcare Providers to Harvest Credentials"

According to a recent alert from the Department of Health and Human Services' Cybersecurity Coordination Center, healthcare provider organizations are being targeted by a phishing campaign that uses a secure message theme to harvest credentials. The phishing emails direct victims to a malicious Evernote website appearing to be a legitimate website. The ongoing malspam campaign employs a subject line that includes the name of the targeted organization, the date, and the phrase "business review." The email contains a malicious link that, when clicked, redirects the user to a page customized for their company. The webpage includes an HTML download, which is actually a malicious phishing Trojan with a JavaScript that masquerades as a legitimate application in order to trick the user into inadvertently executing the payload onto the device. According to the alert, once installed, the Trojan can damage or steal data as well as harm or disrupt the network. The Adobe- and Microsoft-themed page then attempts to harvest Outlook, IONOS, AOL, or other credentials for the Evernote campaign. The campaign may have made use of Business Email Compromises (BECs) from the healthcare and other industries. Entities are being urged to update all operating systems and software applications to protect against vulnerability exploits. Additionally, steps should be taken to strengthen password management policies to reflect best practice standards. The alert pertaining to the Evernote campaign includes post request domains, the names of malicious file attachments, MD5 hashes in the attachments, and malicious URLs. This article continues to discuss the Evernote phishing campaign targeting healthcare provider organizations.

SC Magazine reports "Evernote Phishing Scam Targeting Healthcare Providers to Harvest Credentials"