A phishing campaign targeting healthcare providers aims to lure recipients to a fake Evernote notepad website in an attempt by hackers to harvest security credentials, federal authorities warn.
The campaign tells victims they’ve received a “secure message” and asks them to click on a link. Falling for the phishing scheme puts healthcare sector entities at risk for an array of potential data security compromises, warns the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center in an alert issued Wednesday.
The link leads to a website that looks like Evernote, the note-taking and to-do list management app. The site hosts a downloadable file that contains a Trojan.
Once installed, the malware will do what “it was designed for – damaging, disrupting, stealing, or inflicting harm on your data or network,” HC3 warns. To make the phishing email look legitimate, phishers may use a legitimate but compromised email address from a third party.