Here’s a particularly unpleasant bit of social engineering reported in the UK by Eduard Kovacs for Softpedia: Cybercriminals Tell Users They Might Have Cancer to Trick Them into Installing Malware.
Which pretty much says it all. The email purports to have been sent by NICE (the National Institute for Health and Care Excellence) which has put up a spam warning accordingly. However, this is more than spam: it contains an attachment claimed to be a blood count report suggesting that the recipient may have cancer, but in fact it’s a password stealer.
There are obvious logical flaws here.
Firstly, it’s likely that if you’d given a sample for a blood test you’d remember. However, there’s obviously a chance that some of these messages might reach people who have actually given samples recently, and would be more likely to be panicked into clicking on the malicious attachment.
Secondly, NICE is not in the business of doing blood tests: its remit is rather more abstract. But again, the hope is that the victim will be too panicked to check properly.
David Harley
Small Blue-Green World
Leave a comment