"HC3 Alerts Healthcare Sector of Monkeypox-Themed Phishing Scheme"

The Health Sector Cybersecurity Coordination Center (HC3) has warned healthcare providers about a new monkeypox-themed phishing scheme. The latest public health threat is being used to persuade users to click on a link. The campaign involves messages claiming to have important information about the monkeypox virus. A PDF attachment in the email contains a malicious link that takes the recipient to a Lark Docs site, which is themed after the Adobe Doc cloud and provides a secure fax monkeypox PDF download. The victim's Outlook and Office 365 credentials are harvested when they click on the download. Email credential harvesting can result in Business Email Compromise (BEC) of HPH-related and possibly non-HPH entities. BEC attacks are the most expensive type of cybercrime in today's threat landscape. The FBI received 19,369 BEC complaints in 2020 alone, resulting in approximately $1.8 billion in damages. While BEC attacks are the most expensive, traditional phishing attacks via email or malicious websites pose significant risks to the healthcare sector. Phishing was the most frequently reported cybercrime in 2021, according to the FBI's Internet Crime Complaint Center (IC3). To reduce risk, HC3 recommends that healthcare providers use complex, unique passwords that include a passphrase or a complex combination of letters, numbers, and symbols for each account. Users should also avoid opening unsolicited emails from unknown senders and installing downloads from untrustworthy publishers. This article continues to discuss HC3's alert pertaining to the new monkeypox-themed phishing campaign.  

HealthITSecurity reports "HC3 Alerts Healthcare Sector of Monkeypox-Themed Phishing Scheme"