Medical Test Results

Victim receives an email from a medical office containing "their" medical analysis results.

Methods

MALWARE

Goals

Payloads

DOC DOCX XLS XLSX PDF

Description

A victim receives an unsolicited email containing medical analysis data from a medical office. In this pretext, the attacker is not sending an email to a victim that they believe is waiting for medical results. Instead, the email is designed to pique the recipient's curiosity to view someone else's medical test results. The actual medical test referenced in the email could vary: Coronavirus, HIV, Blood work, etc. The email contains an attachment with the medical test results; however, that attachment is malware.

Examples

Sources

https://www.proofpoint.com....

Payload forwording

XLSX

Microsoft Excel workbook containing fake medical data results and malware via macro.

PDF

Attacker could grab a real medical analysis pdf from a google search and then embed some type of malware

This would cross a line for ethical hacking purposes. This pretext prays on two things: (1) our natural concern for our health (2) curiosity of information sent to the wrong recipient.