Phishing emails from spoofed US-CERT addresses
US-CERT has issued a public warning about a phishing email campaign using spoofed US-CERT email addresses.
“The subject of the phishing email is: ‘Phishing incident report call number: PH000000XXXXXXX’ containing an attachment titled ‘US-CERT Operation Center Report XXXXXXX.zip’, with the ‘X’ possibly indicting a random value or string,” US-CERT explained on its site. “The zip attachment contains an executable file with the name ‘US-CERT Operation CENTER Reports.eml.exe’. Reports indicate that SOC@US-CERT.GOV is the primary email address being spoofed but other invalid email addresses are being used.”
According to the organization, the email was sent to employees of many private sector organizations and of federal, state, and local governments during the last few days.
The attached executable is a yet unspecified type of malware and US-CERT advises users not to download and run the attachment, or even open the email in question, but just delete it from their inboxes – as they should with any other unsolicited email messages.