The department of Labor sent out an email last month informing Americans about updates to its Affordable Care Act page – hackers have now taken that email and used it as a template to spread a new scam. Be careful if you find an email about Affordable Care in your inbox, because it could be fake. Hackers have sent out a phony email in an attempt to trick people into downloading malware that has the capability to swipe all of the money from your bank account.
What to Look For
The email was first spotted by security experts at Naked Security. It’s nearly identical to the original email, including use of the same language, exact formatting, and even includes the Department of Labor logo. A major notable change, though, is that instead of simply summarizing the changes to the Affordable Care Act page, the phony email asks readers to follow a link to download information. The link leads to a site that will prompt a malware download and infect your systems.
Avoid Clicking on Suspicious Links
Your first major sign of trouble should be the “FOLLOW LINK” prompt. Typically a good rule of thumb is that links embedded in emails are generally not a good thing and are quite likely to be part of a scam. If you put your mouse over the link in the email, you’ll see that it doesn’t lead to any government website.
If you do go as far as following the link you’ll be told to download a PDF called health_coverage_webcast.pdf. However, the file that actually downloads to your computer is health_coverage_webcast.pdf.scr – a program that installs Vawtrack, a malware designed to steal your information and gain access to your secure bank accounts.
If you’re feeling concerned, here’s a few great tips to help you stay safe against dangerous emails like this:
- Always go directly to the website: Type the URL into a search bar and go. Do not click on links leading to the website – links can often take you elsewhere.
- Watch your bank account: If you’ve received a suspicious email like this, watch your bank account carefully and report any fraudulent charges immediately.
- Install and run anti-virus software: Make sure you’ve installed a trustworthy anti-virus software program and run it on a regular basis.
- Keep your employees up-to-date on security threats: If your employees don’t know what to watch out for, they’re more likely to open something malicious
For more on Vawtrack and other potentially dangerous risks to your systems, contact Hammett Technologies at firstname.lastname@example.org or speak to us directly by phone at (443) 216-9999. We’d be happy to help you mitigate the risks.