Sunday, December 6, 2009

Swine flu spawns an email phishing scam that'll give you a nasty virus


It's bad enough that the H1N1 swine flu pandemic has caused such widespread public anxiety, and it's worse that the vaccine has become its own source of concern, whether due to the shortage or spurious fears about its safety. Now, the bottom-feeders known as phishing scammers are exploiting the situation, sowing even more fear, anger and mistrust around the swine flu.

It seems that people have been receiving emails claiming to be from the Centers for Disease Control and Prevention requesting that recipients complete a "Personal H1N1 Vaccination Profile" at cdc.gov for the CDC Sponsored State Vaccination Program for H1N1. Of course, there's no such thing.

The CDC writes on its website under the Health Related Hoaxes and Rumors section:
"The CDC has NOT implemented a state vaccination program requiring registration on www.cdc.gov. Users that click on the email are at risk of having malicious code installed on their system."
The email security experts at Red Condor explain how the scam works: When users click on the embedded "Create Personal Profile" link in the email, they are sent to a page that to all intents and purposes looks like the real thing, with a CDC-branded header and footer, including the Department of Health and Human Services logo. From there, visitors are asked to download an "electronic document, which contains your name, your contact details and your medical data." The file is actually an executable that contains a Trojan virus identified as W32/Vacc.A!tr.

Unfortunately, since this is a relatively new phishing scam, it is not being detected by most antivirus programs, "so it is important that people simply delete these messages and notify their IT administrators of the threat," Red Condor says.

The CDC also suggests users to take the following steps to reduce their risk of being victimized by a phishing attack:
  • Do not follow unsolicited links and do not open or respond to unsolicited email messages.
  • Use caution when visiting untrusted websites.
  • Use caution when entering personal information online.
To prey on the public's fear in such a manner truly is a new low even for phishers, especially because this scam is adding to existing concerns and feeding a mindset of mistrust. These scammers should be dealt with seriously and to the fullest measure of the law, preferably with some significant prison time.

There's no better place to get information about seasonal and pandemic influenza and their vaccines than the real CDC website and other health department sites such as Flu.gov. Here's hoping that this phishing scam won't deter anyone from visiting the legitimate sites.

No comments: