Attackers spoof US-CERT phish alert to lure victims

Mimicking the first line of defence to get past the second.

Phishers are using spoofed email addresses from the US Computer Emergency Response Team (US-CERT) to trick recipients into downloading a malicious executable.

US-CERT issued a warning Tuesday that a "large number" of private sector and government organisations had received a fake phishing warning that urges recipients to open a zip attachment that contains the executable, "US-CERT Operation CENTER Reports.eml.exe".

The message reads: "US-CERT is forwarding the following Phishing email that we received to the APWG for further investigation and processing. Please check attached report for the details and email source".

Cisco reports that the executable contains malicious code; however, it did not provide details on its impact.

The fake warning claims US-CERT has opened the incident number PH0000000149068 and invites recipients to enquire about updates at soc@us-cert.gov with the reference PH0000000698426.

"Reports indicate that SOC@US-CERT.GOV is the primary email address being spoofed but other invalid email addresses are being used," US-CERT warned on its website.

The real US-CERT urged users not to open the email or its attachments, and to delete the email.
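The lure described above relies on a double extension: the file inside the zip is named to look like a saved email (.eml) while actually being an executable (.exe). The following check for that pattern in zip attachments is an added example, not code from US-CERT or Cisco; the extension lists, the attachment name "report.zip" and the recipient address are assumptions, and the sample message is constructed with harmless placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists, not from the article: extensions Windows runs directly, and
# document-like extensions a lure places in front of them.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY = {".eml", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}

def deceptive_members(zip_bytes):
    """Return zip member names whose last two extensions are decoy + executable."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            # strip() defeats padding with trailing spaces after the extension
            suffixes = [s.lower() for s in PurePosixPath(name.strip()).suffixes]
            if len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE and suffixes[-2] in DECOY:
                hits.append(name)
    return hits

def scan_message(raw):
    """Map each zip attachment's filename to its flagged member names."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue  # decide by content, not by the declared MIME type
        hits = deceptive_members(payload)
        if hits:
            findings[part.get_filename() or "(unnamed)"] = hits
    return findings

def build_sample():
    """Constructed sample: placeholder bytes under the filename the article quotes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("US-CERT Operation CENTER Reports.eml.exe", b"placeholder")
        zf.writestr("readme.txt", b"benign")
    msg = EmailMessage()
    msg["From"] = "soc@us-cert.gov"  # the spoofed address named in the article
    msg["To"] = "user@example.org"   # assumed recipient
    msg.set_content("Please check attached report for the details and email source")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="report.zip")  # assumed attachment name
    return msg.as_bytes()
```

A mail gateway or triage script would call scan_message() on the raw message and quarantine anything that returns a non-empty result.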

Stories by Liam Tung

Latest Videos

More videos

Blog Posts