
Attackers attempt to steal highly sensitive personal information from unsuspecting victims
Cybercriminals are attempting to steal Microsoft Office 365 login credentials with a United Healthcare (UHS) themed email phishing campaign. More than 50,000 email boxes have received a phishing email with a malicious link.
The attackers attempt to trick recipients into thinking that the harmful phishing email is sent from a legitimate United Health group domain name. Although the email appears to originate from notifications@e-notifications.myuhc.com it actually originates from ncswi.com says a report from cyber security researchers at Abnormal Security.
Both the sending email address and the landing page are crafted to impersonate official UHS branding. The email appears to come from United Healthcare and uses its logo to help add to the ruse.

The victim is instructed to enter in their name and birthdate to begin the search process. Hitting the search button leads the victim to another page that prompts them to enter extremely sensitive information that can be used for identity theft and financial theft.
If they follow the prompts, their personal information is sent directly to the cybercriminals.
The messaging in the UHS themed phishing email informs the target that they are entitled to a refund of healthcare related payment. The victim is instructed to click on a button in the email to see their claim information. If the victim clicks on the link in the UHS phishing email, it redirects them to a spoofed webpage impersonating a United Healthcare website.
If the recipient is fooled by the phishing email and a spoofed landing page the attackers steal their name , Social Security number, driver’s license number, email address, phone number and physical address
UHS Phishing email – What to do?
Phishing emails that use branding of well-known corporations are a common scheme to steal sensitive personal information , payment cards, and bank account numbers from victims. Protect yourself with the following:
- Always scrutinize the contents of emails even if you think you know the sender
- Be especially suspicious of emails that urge you to take action immediately
- Never click on a link in an email if you were not expecting an email from that exact person
- Never download an email attachment, especially if you were not expecting something
- If you receive an email with an attachment or a link, always call the sender to see if they did indeed send the email
- Use an antivirus app to protect your laptop, computer, or phone from harmful websites and malware