Phishing bait: Notifications from NICE about blood test results possibly indicative of cancer.
Example: [Collected via e-mail, March 2014]
Please could you advise on the content of this email sent to one of my users today. There is also a zip attachment on the email.
We have been sent a sample of your blood analysis for further research.
During the complete blood count (CBC) we have revealed that white blood cells is very low, and unfortunately we have a suspicion of a cancer.
Wite Blood cells 1200 Low
Hemoglobin 12 Normal
Platelets 19000 Low
We suggest you to print out your CBC test results and interpretations in attachment below and visit your family doctor as soon as possible
Origins: In March 2014, Internet users began receiving emailed messages National Institute for Health and Care Excellence stating that organization had “been sent a sample of your blood analysis for further research,” and that a complete blood count (CBC) run on that sample revealed a low white blood cell count, possibly indicative of cancer. Recipients were advised to click an embedded link to “print out your CBC test results and interpretations” from an attached file:
These messages were not actually sent out by NICE or any other legitimate medical organization, nor do they reference real blood test results. They’re fabricated lures intended to trick recipients into opening the attached .zip file (which houses an executable file disguised as a PDF document), an act that facilitates the installation of a trojan on the user’s computer which scammers can use to harvest all sorts of personal information, including passwords and account information. This lure is effective in a scattershot approach because blood tests are common medical diagnostics, so a good many random recipients of these messages likely have had blood tests in the recent past.
NICE has published a warning about these messages on its web site advising that:
NICE is aware that a spam email is being sent to members of the public regarding cancer test results. Please be assured that this email is not from NICE and we are currently investigating its origin.
If you have received the email, do not open the attachments.
Updates will be made on the website and also via Twitter: @NICEComms
Users receiving one of these emails should delete the message immediately without clicking on any of the links.
Last updated: 14 March 2014