Durban - While more cases of monkeypox are being detected around the world – including South Africa – scammers remain busy.
According to Mimecast Threat Intelligence, a new email phishing scam is doing the rounds using monkeypox to trick people into sharing their personal details.
Mimecast's Tim Campbell said monkeypox is high on the news agenda so it comes as no surprise that cyber criminals are exploiting it. He said cyber criminals adjust their phishing campaigns to be as timely and relevant as possible, using traditional attack methods to exploit current events in an attempt to lure busy and distracted people to engage with links in emails, applications or texts.
"Now, they are using monkeypox as an opportunity to send phishing emails to company employees for ‘mandatory monkeypox safety awareness training’. In this latest phishing campaign, recipients are asked to click on a link to complete ‘mandatory training’ as part of supposed new company policy. As the phishing email is made to look like an internal company email, employees are at risk of clicking the link and entering their login details, which will then be harvested and used to access systems within the organisation to steal information," Campbell explained.
He warned that phishing scams continue to be a popular attack method against South African organisations, with 65% of respondents in Mimecast's State of Email Security 2022 reporting an increase in such attacks over the past year.
He said this latest campaign highlights the fact that cyber criminals will exploit the fear and uncertainty caused by the recent news as well as the need for cybersecurity awareness training within organisations to reduce employees falling for this type of phishing campaign.
Campbell said with cyberattacks, it is a question of when, not if one will occur.
"It is important for organisations to have adequate, cybersecurity measures in place as well as a well-rehearsed cyber resilience response plan. Cybersecurity awareness training for their staff needs to be frequent and engaging to ensure they avoid clicking on risky links. Employees must scrutinise suspicious emails and not click on links if in any doubt," he said.
On Thursday, the Health Department confirmed SA's first monkeypox case. Health Minister, Dr Joe Phaahla said the patient was a 30-year-old male from Johannesburg who has no travel history, meaning that this cannot be attributed to having been acquired outside South Africa.
“Working with the relevant health authorities a process of contact tracing has begun. The National Institute of Communicable Diseases is conducting online in service training for our health workers for them to be able to detect the disease so that the necessary laboratory tests can be done. The disease only spread through close droplets so you cannot get by being in the same room with an infected person," he said.
IOL