Riding the wave of the coronavirus epidemic, hackers are also going viral with email campaigns containing fake HIV results and coronavirus-related information. One wrong click from a consumer can lead to their computer getting infected with malware.
The latest preying on sympathizers was sussed out by cybersecurity company Proofpoint, whose researchers uncovered cybercriminals impersonating Vanderbilt University Medical Center.
“This low volume campaign had top targeted industries: global insurance, healthcare, and pharmaceutical organizations, but others were targeted as well,” Proofpoint’s Sherrod Degrippo said. “If successful and (the malware) is installed, attackers can run programs and access victims’ data, including sensitive personal and financial information.”
What to keep an eye out for
Like with many cyber scams, attachments are a giant red flag. So is incorrect spelling. In this situation, the emails purport to come from “Vanderbit Medical” and have the subject line “Test result of medical analysis.”
The body of the email urges recipients to open up a Microsoft Excel attachment titled “TestResults.xlsb,” which supposedly has the recipient’s HIV results. Unfortunately, that spreadsheet file is filled with malicious code that can shut down a user’s computer.
No sleep for the creeps
At ConsumerAffairs, it’s pretty typical to see phishing expeditions trying to capitalize on anything that’s getting a bump in the news or life cycles -- tax time IRS scams, holiday gift card scams, you name it. And while this attempt to profit off an epidemic seems unethical, consumers have to keep in mind that scammers have no ethics.
“This latest campaign serves as a reminder that health-related lures didn’t start and won’t stop with the recent Coronavirus-themed lures we observed,” Degrippo said. “They are a constant tactic as attackers recognize the utility of the health-related ‘scare factor.’”
If you’re asking if there’s some way to keep this from happening, Degrippo says nothing beats a cyber creep like good old-fashioned attentiveness. He signed off with a word of advice for consumers.
“We encourage users to treat health-related emails with caution, especially those that claim to have sensitive health-related information. Sensitive health-related information is typically safely transmitted using secured messaging portals, over the phone, or in-person. If you receive an email that claims to have sensitive health-related information, don’t open the attachments. Instead, visit your medical provider’s patient portal directly, call your doctor, or make an appointment to directly confirm any medical diagnosis or test results,” he said.