Attackers spoof US-CERT phish alert to lure victims

Mimicking the first line of defence to get past the second.

Phishers are using spoofed email addresses from the US Computer Emergency Response Team (US-CERT) to trick recipients into downloading a malicious executable.

US-CERT issued a warning Tuesday that a "large number" of private sector and government organisations had received a fake phishing warning that urges recipients to open a zip attachment that contains the executable, "US-CERT Operation CENTER Reports.eml.exe".

The message reads: "US-CERT is forwarding the following Phishing email that we received to the APWG for further investigation and processing. Please check attached report for the details and email source".

Cisco reports that the executable contains malicious code, but it did not provide details on its impact.

The fake warning claims US-CERT has opened the incident number PH0000000149068 and invites recipients to enquire about updates at with the reference PH0000000698426.

"Reports indicate that SOC@US-CERT.GOV is the primary email address being spoofed but other invalid email addresses are being used," US-CERT warned on its website.

The real US-CERT urged users not to open the email or the attachments and to delete the email.
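An added example, not from the article, US-CERT or Cisco: a mail-gateway style check for the lure described above, a zip attachment whose member hides an executable behind a document-looking extension. The extension lists, the `report.zip` name, the subject line and the recipient address are assumptions constructed for the sample.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for illustration; tune to local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".eml", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}

def is_disguised_executable(name):
    """True when a name ends in <decoy ext>.<executable ext>, e.g. 'x.eml.exe'."""
    parts = name.lower().rstrip(". ").rsplit(".", 2)
    return (len(parts) == 3
            and "." + parts[2] in EXECUTABLE_EXTS
            and "." + parts[1] in DECOY_EXTS)

def flag_attachments(raw_message):
    """Return disguised executables attached directly or packed inside zip attachments."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if is_disguised_executable(filename):
            hits.append(filename)
        if zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                hits += [f"{filename}!{member}" for member in archive.namelist()
                         if is_disguised_executable(member.rsplit("/", 1)[-1])]
    return hits

def build_sample():
    """Constructed sample: placeholder bytes; only the member name comes from the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("US-CERT Operation CENTER Reports.eml.exe", b"placeholder, not a binary")
    msg = EmailMessage()
    msg["From"] = "SOC@US-CERT.GOV"       # spoofed address quoted in the article
    msg["To"] = "analyst@example.org"      # constructed recipient
    msg["Subject"] = "Phishing incident report"  # constructed subject
    msg.set_content("Please check attached report for the details and email source")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="report.zip")  # constructed zip name
    return msg.as_bytes()

if __name__ == "__main__":
    print(flag_attachments(build_sample()))
```

The check looks only at file names, so it complements rather than replaces content scanning and sender authentication.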


Stories by Liam Tung
