Phishing Campaign Using Spoofed US-CERT Emails

Wednesday, January 11, 2012



US-CERT has received reports of a phishing email campaign that uses spoofed US-CERT email addresses.

This campaign appears to be targeting a large number of private sector organizations as well as federal, state, and local governments. US-CERT began receiving reports of this campaign on January 10, 2012.

The subject of the phishing email is: "Phishing incident report call number: PH000000XXXXXXX" containing an attachment titled "US-CERT Operation Center Report", with the "X" possibly indicting a random value or string.

The zip attachment contains an executable file with the name "US-CERT Operation CENTER Reports.eml.exe". Reports indicate that SOC@US-CERT.GOV is the primary email address being spoofed but other invalid email addresses are being used.

US-CERT advises that users do not open the email or any of the attachments and promptly delete the email from their inboxes.

US-CERT encourages users to do the following to reduce the risks associated with this and other phishing campaigns.

US-CERT will provide additional information as it becomes available.


Possibly Related Articles:
Email Phishing scam malware CERT Spoofing Advisory
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.