14 DAY TRIAL // Cybercriminals have launched a new malicious email campaign that lures unsuspecting users in the United States with a reference to the Affordable Care Act in the subject line.
The United States Computer Emergency Readiness Team (US-CERT) issued a warning for users last week, informing that these emails try either to obtain private information or to infect the recipient’s computer with malware.
Detecting the malicious attempt is obvious in many instances, as most of the times the cyber crooks are not native English speakers, making grammar and spelling mistakes.
However, in some cases, they copy text from official sources and apply it to their emails, in an attempt to make the communication legitimate.
If no attachment comes with the malicious email, then it invariably points to an online location. Users should check the domain of the URL to see if it matches the source of the message.
Scammers rely on different domains, either compromised or registered by themselves, to host a fraudulent web page designed to steal various data (account credentials in particular) or malicious software.
This phishing campaign tries to lure recipients to dodgy locations by promising health coverage information.
Sometimes the malware comes attached to the email and it may look like a document of some sort, with a name that appears legitimate. However, if it is archived, a closer look at its type is necessary, as it may be an executable file.
US-CERT’s recommendations are simple: “do not follow links or download attachments in unsolicited email messages” and “maintain up-to-date antivirus software.” Apart from this, a link to security tips regarding social engineering attacks is provided.