Don’t click on links or attachments unless you’re sure they are legitimate.
Physicians and their staff should beware a monkeypox-themed email campaign that is targeting health care providers.
A sector alert was published Sept. 19 by the Health Sector Cybersecurity Coordination Center (HC3), within the US Department of Health and Human Services. The campaign uses official-sounding language to convince recipients to click on a bogus download that is really a program that attempts to steal email credentials.
The sector alert stated: “The campaign has a subject of: “Data from (Victim Organization Abbreviation): "Important read about - Monkey Pox – (Victim Organization) (Reference Number) and utilizes an “Important read about Monkey Pox” theme.
“Inside of the email is a PDF with a malicious link which lures the recipient to a Lark Docs site. “The site is Adobe Doc cloud themed and offers a secure fax Monkey Pox PDF download.
"Clicking the download attempts to harvest Outlook, O365, or other mail credentials.”
HC3 recommends the following actions to help protect organization cybersecurity: