Phishers are using spoofed email addresses from the US Computer Emergency Response Team (US-CERT) to trick recipients into downloading a malicious executable.
US-CERT issued a warning Tuesday that a "large number" of private sector and government organisations had received a fake phishing warning that urges recipients to open a zip attachment that contains the executable, "US-CERT Operation CENTER Reports.eml.exe".
The message reads: "US-CERT is forwarding the following Phishing email that we received to the APWG for further investigation and processing. Please check attached report for the details and email source".
Cisco reports the executable contains malicious code, however it did not provide details on what its impact was.
The fake warning claims US-CERT has opened the incident number PH0000000149068 and invites recipients to enquire about updates at firstname.lastname@example.org with the reference PH0000000698426.
"Reports indicate that SOC@US-CERT.GOV is the primary email address being spoofed but other invalid email addresses are being used," US-CERT warned on its website.
The real US-CERT urged users not to open the email or the attachments and delete the email.