During the COVID-19 pandemic, cybercriminals used health concerns as easy and effective phishing bait. Now, they’re using the recent monkeypox outbreak to continue to prey on your emotions and steal your personal information.
In one such attack, employees received an email with the subject line, “Attention all [Company] Employees – Please Read and Comply.” The email includes information about the recent monkeypox outbreak and cites authorities such as the Centers for Disease Control and World Health Organization. The email also provides a link for “mandatory” monkeypox safety awareness training which requires users to log in.
Unfortunately, if you were to click the link and log in, you would not be met with helpful information about how to stay safe from monkeypox. Instead, you would provide cybercriminals with the entry point they need to steal sensitive information from your organization.
To prevent yourself and your organization from falling victim to similar scams, follow the tips below:
- Be wary of emails with alarming or urgent titles, especially emails that ask you to perform an action such as clicking a link or opening an attachment.
- Verify any unexpected or suspicious “mandatory” training with a trusted source, such as your organization’s learning team or your manager.
- Before you click on a link, hover your mouse over it. Make sure that the link leads to a legitimate, safe website that corresponds with the content in the email.