Authorities in Lithuania have issued an urgent warning following a sophisticated phishing campaign targeting educational institutions in the capital. On May 13, schools across Vilnius received forged emails claiming to be from the National Public Health Center (NVSC). These messages falsely warned of an imminent threat regarding the spread of hantavirus, a rare but serious respiratory infection, causing immediate concern among staff and parents.
The NVSC, which operates under the Ministry of Health, has moved quickly to debunk the claims, stating categorically that no such alert was issued. Officials confirmed that the emails are entirely fraudulent and that there is currently no increased risk of hantavirus infection in Lithuania. The incident is being treated as a deliberate attempt to incite panic by exploiting sensitive topics—specifically the health and safety of children.
Official Denial of Viral Outbreak
The National Public Health Center emphasized that the information contained in the May 13 emails is completely unfounded. “We emphasize that the National Public Health Center did not prepare or send any information to educational or other institutions about a supposedly increased threat of hantavirus infection,” the agency stated in an official release.
While the primary targets identified so far are schools within the Vilnius municipality, authorities are investigating whether the campaign has reached other public sector organizations or private businesses. The NVSC has already notified the affected schools directly, but the broader public is being urged to remain vigilant against similar disinformation tactics.
Cybersecurity Risks and Red Flags
Beyond the immediate psychological impact of a health scare, the fraudulent emails carry significant technical risks. Security analysts noted several red flags that indicate the messages were part of a malicious cyber operation rather than a legitimate government communication.
Firstly, the emails were sent from a non-institutional address that did not use the official NVSC domain. Secondly, the structure of the letter and the phrasing used were inconsistent with standard official correspondence. Most critically, the emails contained a PDF attachment. Experts warn that such files are frequently used to deliver malware or ransomware, which could compromise the entire digital infrastructure of a school or organization.
Recipients were also pressured to act with extreme urgency, being told to post the false information on their official websites immediately. This “urgency tactic” is a hallmark of social engineering, designed to make victims bypass their usual verification protocols in the heat of the moment.
The Broader Context of Health Disinformation
This incident mirrors a growing global trend where public health concerns are weaponized by cybercriminals and bad actors. By choosing hantavirus—a rodent-borne virus that can cause severe illness but is relatively rare in urban European settings—the perpetrators targeted a specific gap in public knowledge to maximize alarm.
Similar tactics have been observed across Europe and the UK, where scammers have previously used NHS branding or World Health Organization (WHO) logos to spread malware or steal personal data. In this instance, the targeting of the educational sector highlights a calculated attempt to disrupt essential public services and exploit the protective instincts of the community.
Recommended Safety Protocols for Institutions
In response to the breach, the NVSC and law enforcement agencies have provided clear instructions for any institution that receives suspicious health-related correspondence:
- Do Not Open Attachments: Any PDF or executable file attached to an unverified email should be treated as a high-security risk.
- Verify the Source: Official Lithuanian government emails will always originate from a “.gov.lt” or specific institutional domain (such as @nvsc.lrv.lt).
- Report Immediately: Any organization receiving these forgeries is instructed to contact the police and the NVSC to assist in the ongoing investigation.
- Issue Retractions: If a school or office has already shared the false information on internal channels or public websites, they are urged to post a clear denial and explanation immediately to prevent further spread of the hoax.
Lithuanian law enforcement is currently evaluating the situation to determine the origin of the emails and whether the campaign constitutes a broader breach of national cybersecurity or a coordinated disinformation effort.
Source: BNS

Comments