CERT mailing list archives

Previous By Date Next
Previous By Thread Next

Current Activity - Phishing Campaign Using Spoofed US-CERT E-mail Addresses

From: Current Activity <us-cert () us-cert gov>
Date: Tue, 10 Jan 2012 13:51:39 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Phishing Campaign Using Spoofed US-CERT E-mail Addresses

Original release date: January 10, 2012 at 1:32 pm
Last revised: January 10, 2012 at 1:32 pm


US-CERT has received reports of a phishing email campaign that uses
spoofed US-CERT email addresses. This campaign appears to be targeting
a large number of private sector organizations as well as federal,
state, and local governments. US-CERT began receiving reports of this
campaign on January 10, 2012.

The subject of the phishing email is: "Phishing incident report call
number: PH000000XXXXXXX" containing an attachment titled "US-CERT
Operation Center Report XXXXXXX.zip", with the "X" possibly indicting
a random value or string. The zip attachment contains an executable
file with the name "US-CERT Operation CENTER Reports.eml.exe". Reports
indicate that SOC () US-CERT GOV is the primary email address being
spoofed but other invalid email addresses are being used.

US-CERT advises that users do not open the email or any of the
attachments and promptly delete the email from their inboxes.

US-CERT encourages users to do the following to reduce the risks
associated with this and other phishing campaigns.
  * Do not open the attachments in email messages from unknown
    sources.
  * Install anti-virus software and keep virus signatures files up to
    date.
  * Refer to Recognizing and Avoiding Email Scams (pdf) documents for
    more information on avoiding email scans.
  * Refer to the Avoiding Social Engineering and Phishing Attacks
    document for information on social engineering attacks.

US-CERT will provide additional information as it becomes available.

Relevant Url(s):
<http://www.us-cert.gov/cas/tips/ST04-014.html>

<http://www.us-cert.gov/reading_room/emailscams_0905.pdf>

====
This entry is available at
http://www.us-cert.gov/current/index.html#phishing_campaign_using_spoofed_us

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTwyIrT/GkGVXE7GMAQIWKggAmrGxmOzT4ZSTuNr+h49eRR+tsTbdEnat
vUGAar/+1zpuLszZXekpbFWKxHALBptdxMzfrWN1jxiCfATbg6Ynjsz4HP0oAkXM
JROvjTbKJhraebQaa/cxiZ8fCo3PfyYa3eQdHT8Tv3wgZIhgdLXjiZLQpkYTup+d
nyeHBYgfl6bYYLyxdPtT0GItMIX+FB/3/BPXkkXMz78nJ+2xJDlDh63PhDKa0I26
C5p3Zj01hzUDKcw2/K4yHpCBnSWVYmXNWUNHzVBhtFkDApU/CXGUcZ/5WUviBuI/
qSvYwQNjha/8hiU6cuvLffPOiL+MEK8VR9f01ZtTCe4Sqh7+xQM4Lg==
=jb21
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: