SA's seeing emails about 'mandatory training' for monkeypox prevention – it's a scam

Business Insider SA
(Photo Courtesy of CDC/Getty Images)
(Photo Courtesy of CDC/Getty Images)
  • The current monkeypox outbreak, like the Covid-19 pandemic, has been a source for misinformation and conspiracy theories.
  • Now, it's being used as a topic in an email phishing scam that's been detected in South Africa.
  • The email purports to be from a company addressing its employees on "mandatory monkeypox safety awareness training".
  • For more stories go to

Interest around the current monkeypox outbreak is being used by cybercriminals in a phishing scam that's been reported globally and, recently, in South Africa.

More than 1,200 cases of monkeypox have been identified by the World Health Organisation (WHO) across 28 countries where the virus had not usually or had not previously been reported prior to 13 May.

The outbreak is more concentrated in Europe and North America, with the United States' Centers for Disease Control and Prevention (CDC) recently ramping up the alert level associated with monkeypox, warning people to "practice enhanced precautions".

Monkeypox virus is an orthopoxvirus that causes a disease with symptoms similar, but less severe, to smallpox, according to the WHO. Symptoms include fever, an extensive characteristic rash and swollen lymph nodes. In recent times, the case fatality ratio has been around 3% to 6%.

Monkeypox, like the Covid-19 pandemic, has been the target of misinformation campaigns. Now, it's being used as a topic to scam people through emails.

"Monkeypox is high on the news agenda, so it comes as no surprise that cybercriminals are exploiting it," explained Tim Campbell, head of threat intelligence at Mimecast.

"Cybercriminals adjust their phishing campaigns to be as timely and relevant as possible, using traditional attack methods to exploit current events in an attempt to lure busy and distracted people to engage with links in emails, applications or texts. Now, they are using monkeypox as an opportunity to send phishing emails to company employees for 'mandatory monkeypox safety awareness training'."

The latest phishing scam, which Campbell confirmed to Business Insider SA had been detected in the country, uses an email disguised as originating from a company to its employees.

Monkeypox South Africa
Example of the monkeypox email phishing scam (Supplied by Mimecast)

The email notes that the "company" has been monitoring developments surrounding the monkeypox outbreak and cites updates provided by the CDC, WHO, and "local health officials".

"In an effort to keep all team members safe and informed, as well as our business protected, included here are the precautions that have been put in place," states the email. The recipient is then advised to click on the link provided, which purports to be for "mandatory monkeypox safety awareness training".

Clicking the link and entering personal details when prompted allows the cybercriminals to harvest that information and use it to gain access to other systems, enabling the theft of further sensitive data.

The phishing campaign exploits the public's awareness of health emergencies, preying on the need for information honed during the Covid-19 pandemic – particularly when it comes to company policies – and using it within the context of the monkeypox outbreak, said Mimecast.

Campbell points out that phishing scams continue to be a popular attack method against South African organisations, with the majority of respondents to its recent security survey indicating that attacks had increased over the past year.

Get the best of our site emailed to you every weekday.

Go to the Business Insider front page for more stories.

Rand - Dollar
Rand - Pound
Rand - Euro
Rand - Aus dollar
Rand - Yen
Brent Crude
Top 40
All Share
Resource 10
Industrial 25
Financial 15
All JSE data delayed by at least 15 minutes Iress logo