Do not click on links or attachments unless you are sure they are legitimate.
Physicians and their staff should beware of a monkeypox-themed email campaign targeting healthcare providers.
On September 19, a sector warning was published by the Health Sector Cybersecurity Coordination Center (HC3), within the US Department of Health and Human Services. The campaign uses official-sounding language to convince recipients to click on a fake download that is in fact a program trying to steal email data.
The sector warning stated: “The campaign is titled: “Data from (abbreviation of victim organization): “Important reading about – Monkey Pox – (Victim’s organization) (reference number) and uses a theme “Important reading about Monkey Pox”.
“The email contains a PDF with a malicious link that lures the recipient to a Lark Docs site. “The site has an Adobe Doc cloud theme and offers a secure fax Monkey Pox PDF download.
“Clicking the download will attempt to collect Outlook, O365, or other email credentials.”
HC3 recommends the following actions to help protect organizations’ cybersecurity:
- Protect every account with complex, unique passwords. Use a passphrase and/or a complex combination of letters, numbers, and symbols.
- In general, avoid opening unsolicited emails from senders you don’t know.
- Do not open a link or attachment in an email unless you are sure it comes from a legitimate source.
- Do not download or install programs if you do not fully trust the publisher.
- Do not visit unsafe websites or click on pop-up windows that promise free programs to perform useful tasks.