Feds warn of monkeypox-themed malicious email campaign targeting health care providers

Don’t click on links or attachments unless you’re sure they are legitimate.

Physicians and their staff should beware a monkeypox-themed email campaign that is targeting health care providers.

A sector alert was published Sept. 19 by the Health Sector Cybersecurity Coordination Center (HC3), within the U.S. Department of Health and Human Services. The campaign uses official-sounding language to convince recipients to click on a bogus download that is really a program that attempts to steal email credentials.

The sector alert stated: “The campaign has a subject of: ‘Data from (Victim Organization Abbreviation): Important read about - Monkey Pox – (Victim Organization) (Reference Number)’ and utilizes an ‘Important read about Monkey Pox’ theme.

“Inside of the email is a PDF with a malicious link which lures the recipient to a Lark Docs site. The site is Adobe Doc cloud themed and offers a secure fax Monkey Pox PDF download.

“Clicking the download attempts to harvest Outlook, O365, or other mail credentials.”
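For mail administrators, the two traits the alert describes (the subject theme and a PDF that carries a link) can be checked together at the gateway. The following is an added example, not code from HC3 or from this article; the function names, addresses, host name and sample message are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Theme wording taken from the subject line quoted in the alert.
SUBJECT_RE = re.compile(r"important\s+read\s+about\W*monkey\s*pox", re.I)
# Link annotations in uncompressed PDF objects look like: /URI (https://host/path).
# Links stored in compressed object streams are not visible to this byte scan.
PDF_URI_RE = re.compile(rb"/URI\s*\(\s*(https?://[^)\s]+)\)")

def pdf_links(msg):
    """Return URLs found in link annotations of PDF attachments."""
    urls = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "application/pdf" or name.endswith(".pdf"):
            data = part.get_payload(decode=True) or b""
            urls += [u.decode("ascii", "replace") for u in PDF_URI_RE.findall(data)]
    return urls

def triage(raw):
    """Flag mail that pairs the campaign's subject theme with a linked PDF."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject_hit = bool(SUBJECT_RE.search(str(msg.get("Subject", ""))))
    links = pdf_links(msg)
    return {"subject_hit": subject_hit, "pdf_links": links,
            "quarantine": subject_hit and bool(links)}

def build_sample(subject, link=None):
    """Construct a test message; every value here is made up for the example."""
    pdf = b"%PDF-1.4\n1 0 obj\n<< /Type /Annot /Subtype /Link "
    if link:
        pdf += b"/A << /S /URI /URI (" + link.encode() + b") >> "
    pdf += b">>\nendobj\n%%EOF\n"
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "staff@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Please review the attached document.")
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="notice.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    lure = build_sample("Data from ABC: Important read about - Monkey Pox - "
                        "Example Clinic (REF-0000)", "https://docs.example.invalid/fax")
    print(triage(lure))
```

A message that matches only one of the two traits is reported but not quarantined, which keeps ordinary public-health mail with attachments from being held.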

HC3 recommends the following actions to help protect organization cybersecurity:

  • Protect each account with complex, unique passwords. Use a passphrase and/or a complex combination of letters, numbers, and symbols.
  • In general, avoid opening unsolicited emails from senders you do not know.
  • Do not open a link or an attachment in an email unless you’re confident it comes from a legitimate source.
  • Do not download or install programs if you do not have complete trust in the publisher.
  • Do not visit unsafe websites and do not click on pop-up windows that promise free programs that perform useful tasks.