Home page logo

cert logo CERT mailing list archives

Current Activity - Phishing Campaign Using Spoofed US-CERT E-mail Addresses
From: Current Activity <us-cert () us-cert gov>
Date: Tue, 10 Jan 2012 13:51:39 -0500

Hash: SHA1

US-CERT Current Activity

Phishing Campaign Using Spoofed US-CERT E-mail Addresses

Original release date: January 10, 2012 at 1:32 pm
Last revised: January 10, 2012 at 1:32 pm

US-CERT has received reports of a phishing email campaign that uses
spoofed US-CERT email addresses. This campaign appears to be targeting
a large number of private sector organizations as well as federal,
state, and local governments. US-CERT began receiving reports of this
campaign on January 10, 2012.

The subject of the phishing email is: "Phishing incident report call
number: PH000000XXXXXXX" containing an attachment titled "US-CERT
Operation Center Report XXXXXXX.zip", with the "X" possibly indicting
a random value or string. The zip attachment contains an executable
file with the name "US-CERT Operation CENTER Reports.eml.exe". Reports
indicate that SOC () US-CERT GOV is the primary email address being
spoofed but other invalid email addresses are being used.

US-CERT advises that users do not open the email or any of the
attachments and promptly delete the email from their inboxes.

US-CERT encourages users to do the following to reduce the risks
associated with this and other phishing campaigns.
  * Do not open the attachments in email messages from unknown
  * Install anti-virus software and keep virus signatures files up to
  * Refer to Recognizing and Avoiding Email Scams (pdf) documents for
    more information on avoiding email scans.
  * Refer to the Avoiding Social Engineering and Phishing Attacks
    document for information on social engineering attacks.

US-CERT will provide additional information as it becomes available.

Relevant Url(s):


This entry is available at

Version: GnuPG v1.4.5 (GNU/Linux)


  By Date           By Thread  

Current thread:
  • Current Activity - Phishing Campaign Using Spoofed US-CERT E-mail Addresses Current Activity (Jan 10)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]