Cofense Email Security
Contact Us
Contact

Monkeypox Phishing: Outbreak Becomes Latest Lure

Found in Environments Protected By:

Microsoft, Trend Micro

By Elmer Hernandez, Cofense Phishing Defense Center

As the world recovers and learns to live with Covid-19, use of the pandemic as a phishing theme has started to wane. However, public wariness and anxiety surrounding an emerging medical concern will remain exploitable. Enter the current monkeypox outbreak. The Phishing Defence Center (PDC) has seen attempts to deceive enterprise staff with a series of monkeypox themed phishing emails. As this rare infection spreads around the globe and gains media attention, attackers are likely to continue tweaking their tactics.

In the last week at least two PDC customers have reported emails such as the one displayed in Figure 1. Both the employee’s and company’s names change depending on who is targeted, but the email body stays the same.

The pretence is similar to what we have already seen with Covid-19 themed phishing emails. It opens up mentioning updates from reputable health organizations to give the impression of veracity and seriousness. It stresses the importance of keeping staff and the company safe, in an attempt to make the employee feel like they share part of the collective responsibility. Finally, it asks all employees of the company to comply with mandatory safety awareness training.

Email Security statistics chart showing rise in phishing attacksFigure 1 – Phishing Email

Users are taken to a compromised website and are directed to either a spoofed domain or already compromised website. Looking at the URL, it’s clear the threat actor wanted to add validity to the page by naming the directory as “health”. It is the standard Microsoft credential phishing otherwise. It first asks the user for the email address (Figure 2) and subsequently the password (Figure 3), adding confidence this is necessary due to the sensitive nature of the information being accessed. Once the user has provided all credentials a confirmation page appears for a few seconds (Figure 4) before being redirected to the real Office 365 website.

Bar chart depicting the most commonly impersonated brands in phishing attacksFigure 2 – Phishing Site

Bar chart depicting the most commonly targeted industries in phishing attacks
Figure 3 – Password

Pie chart depicting the types of information targeted by phishing attacksFigure 4 – Confirmation

IoCs
hXXps://rawshan[.]com/health/

Share This Article
Facebook
Twitter
LinkedIn

Read More Related Phishing Blog Posts

See Cofense in action.

Get a Demo

You'll learn how to:

  • Supercharge your Security Awareness Training so employees can easily spot and report actual threats.
  • Automatically detect and remove actual threats from across your enterprise.
  • Leverage our proprietary intelligence to avoid a breach.
Cofense Email Security

1602 Village Market Blvd, SE #400
Leesburg, VA 20175
(888) 304-9422

Contact Us

Why Cofense

Resources

Company Info

© 2024 Cofense Inc.

Search

We use our own and third-party cookies to enhance your experience. Read more about our cookie policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

Accept