Phishers strike at mobile wellness app company – Naked Security


If you don’t believe that you could ever fall victim to a social engineering attack, take heed. Last week, a mobile healthcare application vendor reportedly fell victim to a scam that saw criminals send fraudulent mails to everyone in a director’s account.

Online criminals launched a cyberattack on healthcare app company Evergreen Life. Its app helps people log their own health information, taking in fitness, nutrition, and even DNA records. They can also connect to their GP, access their medical records, and book appointments. The app gives people a wellness score to help them assess the shape they’re in.

On Monday 21 October, the cybercriminals reportedly did their best to infiltrate Evergreen Life’s email systems using an age-old technique: phishing. They accessed the email of Dr Brian Fisher, the company’s clinical director. As a high-up executive in the company with a prominent industry profile, he has lots of contacts. The online crooks managed to send an email to all his contacts with this title:

Brian Fisher has shared a document with you via OneDrive for Business.