A phishing email mimicking an official notice from the World Health Organization might be compromising users, with email recipients willingly tricked into opening a compromised email attachment. Several hundred organizations have reportedly received the phishing email, though it remains how many were successfully infected.
"It follows the standard, successful formula for most phishing campaigns," said Karl Sigler, Trustwave threat intelligence manager. Cybercriminals often exploit major international news stories - especially regarding natural disasters, national elections, or tragedies - and criminals know when to strike. The malware logs keystrokes, records sounds via webcam, and captures images.
Even if this initial phishing campaign was unsuccessful, with the amount of media Ebola has received, cybersecurity experts warn of future attacks. Meanwhile, WHO confirmed it does not send any type of correspondence directly to the public, only sending news releases to public health experts and journalists.