A new phishing scam is pretending to be your HIV test results to make you more likely to open up a malicious Excel document and become infected.
Over the past year, phishing campaigns have been getting nastier and nastier with scammers coming up with wild stories to get you to open a malicious document or click a link.
In what could be a new low, Proofpoint researchers have found scammers sending phishing emails with malicious Excel spreadsheets that pretend to be your HIV test results from Vanderbilt University.
While the scammers mess up and misspell ‘Vanderbit University’, unless you pay close attention you can easily miss the spelling mistake.
Attached to these emails is an attachment named TestResults.xlsb that when opened will state that your data is protected and that you need to ‘Enable Content’ to view the document.
Once you enable content, though, malicious macros will be executed that downloads and installs the Koadic penetration test and post-exploitation toolkit.
Using Koadic, the attackers gain complete control over the infected computer and can execute any command they wish, such as downloading further malware or stealing files.
“In recent years it has been used by a variety of nation state actors, including both Chinese and Russian state-sponsored groups, as well as attackers associated with Iran,” Proofpoint explained in their report.
It is important to remember that medical institutions will never send medical results via ordinary email and will instead have you log in to a secure portal to view results.
“This latest campaign serves as a reminder that health-related lures didn’t start and won’t stop with the recent Coronavirus-themed lures we observed. They are a constant tactic as attackers recognize the utility of the health-related “scare factor.” We encourage users to treat health-related emails with caution, especially those that claim to have sensitive health-related information. Sensitive health-related information is typically safely transmitted using secured messaging portals, over the phone, or in-person,” Proofpoint reiterated.
It is also important to never open attachments from strangers or organizations when they were unexpected. Even if the user is familiar, it is better to confirm they sent the email with a phone call or in-person than to open a potentially malicious document.