[TLP:CLEAR, ID#202403010800, Page 5 of 9]
U.S. Department of Health and Human Services
Health Sector Cybersecurity Coordination Center (HC3) www.HHS.GOV/HC3
HC3: Sector Alert
March 1, 2024 TLP:CLEAR Report: 202403010800
Business E-mail
Compromise
Criminals typically send an email
message that appears to come from
a business or individual you know—
such as one of your business
vendors, your organization’s CEO, or
the title company for your home. The
email requests a seemingly legitimate
payment, often urgently, via a wire
transfer. However, it is all a scam.
- Victim Mailing Address
- Victim Email Address
- Victim Phone Number
- Description of Incident
- Victim bank and account details
- Subject/recipient bank and account details
- Cryptocurrency wallet details (if applicable)
- Transaction dates and amounts
- The full financial wiring/routing instructions
provided by the subject
Ransomware
You are prevented from accessing
your computer files, systems, or
networks after they are infected with
malicious software, or malware.
Criminals then demand that you pay
a ransom for your files or systems to
be unlocked or decrypted.
- Victim Mailing Address
- Victim Email Address
- Victim Phone Number
- Description of Incident
- Business name and address
- Business IT or remediation firm contact
information
- Transaction details for any ransom paid
- Ransomware variant name (if known); file
extension of the encrypted file(s);
cryptocurrency type and address; email
address utilized by attackers; website(s) /
URL(s) provided by attackers; ransom
demand amount; whether the ransom was
paid and if so, the amount paid
Elder Fraud
Criminals target millions of elderly
Americans each year with many
different types of financial fraud or
confidence schemes, such as
romance, lottery, investment, or
sweepstakes scams. Criminals may
impersonate family members,
government agencies, tech support
professionals, and others to steal
your money and information.
- Victim Mailing Address
- Victim Email Address
- Victim Phone Number
- Description of Incident
- Victim bank and account details
- Subject/recipient bank and account details
- Cryptocurrency wallet details (if applicable)
- Transaction dates and amounts
- The full financial wiring/routing instructions
provided by the subject
Other Cyber
Crime
There are many other types of cyber
crime that impact both businesses
and consumers, including
cryptocurrency investment schemes,
identity theft, non-payment or non-
delivery of merchandise ordered
online, credit card fraud, computer
intrusions, corporate data breaches,
and denial of service website attacks.
- Victim Mailing Address
- Victim Email Address
- Victim Phone Number
- Description of Incident
- Any additional information requested in the
form deemed relevant to your report
MITRE ATT&CK Techniques