mailing list archives
Current Activity - Phishing Campaign Using Spoofed US-CERT E-mail Addresses
From: Current Activity <us-cert () us-cert gov>
Date: Tue, 10 Jan 2012 13:51:39 -0500
-----BEGIN PGP SIGNED MESSAGE-----
US-CERT Current Activity
Phishing Campaign Using Spoofed US-CERT E-mail Addresses
Original release date: January 10, 2012 at 1:32 pm
Last revised: January 10, 2012 at 1:32 pm
US-CERT has received reports of a phishing email campaign that uses
spoofed US-CERT email addresses. This campaign appears to be targeting
a large number of private sector organizations as well as federal,
state, and local governments. US-CERT began receiving reports of this
campaign on January 10, 2012.
The subject of the phishing email is: "Phishing incident report call
number: PH000000XXXXXXX" containing an attachment titled "US-CERT
Operation Center Report XXXXXXX.zip", with the "X" possibly indicting
a random value or string. The zip attachment contains an executable
file with the name "US-CERT Operation CENTER Reports.eml.exe". Reports
indicate that SOC () US-CERT GOV is the primary email address being
spoofed but other invalid email addresses are being used.
US-CERT advises that users do not open the email or any of the
attachments and promptly delete the email from their inboxes.
US-CERT encourages users to do the following to reduce the risks
associated with this and other phishing campaigns.
* Do not open the attachments in email messages from unknown
* Install anti-virus software and keep virus signatures files up to
* Refer to Recognizing and Avoiding Email Scams (pdf) documents for
more information on avoiding email scans.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for information on social engineering attacks.
US-CERT will provide additional information as it becomes available.
This entry is available at
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
-----END PGP SIGNATURE-----
- Current Activity - Phishing Campaign Using Spoofed US-CERT E-mail Addresses Current Activity (Jan 10)