The NJCCIC received reports of a phishing campaign with Aetna-themed lures attempting to deliver malware. The sender’s display name impersonates the managed healthcare company to appear legitimate, and the sender’s email address contains keywords such as Aetna, payment, support, medical, billing, and coding. The subject line displays, “Aetna has sent an electronic payment to you.” The phishing email contains an HTML attachment that, if clicked, initiates a JavaScript file to deliver a Trojan. This type of malware can be installed to steal information, infect systems, and deliver ransomware. The included HTML attachment is flagged as malicious in VirusTotal. Its naming convention may also vary and contain keywords such as HealthCare, payments, claims, QuickBooks, notifications, or invoice.

The NJCCIC also observed phishing emails with Intuit-themed lures sent to New Jersey State employees attempting to harvest account credentials. The sender’s display name impersonates the legitimate Intuit Quickbooks brand; however, upon closer inspection, it displays “Intuit Quickbooks.Online,” and the sender’s email address is a Gmail account. The subject line conveys a sense of urgency with “Action Required: New Pending Payment” to convince the target to click on the PDF attachment for further information. If clicked, the target is directed to a newly registered phishing website containing Intuit branding which is flagged as malicious in VirusTotal. If the account credentials are entered, they are sent to the threat actors in the background.

The NJCCIC recommends users and organizations educate themselves and others on these continuing threats and tactics to reduce victimization. Users are advised to refrain from responding to unsolicited communications, opening attachments, or clicking links from unknown senders, and exercise caution with communications from known senders. If unsure of the legitimacy, contact the sender via a separate means of communication, such as by phone, before taking any action. Phishing emails and other malicious cyber activity can be reported to the FBI Internet Crime Complaint
Center (IC3) and the NJCCIC.