Phishing Campaign Using Spoofed US-CERT Email Addresses

US-CERT has received reports of a phishing email campaign that uses spoofed US-CERT email addresses. This campaign appears to be targeting a large number of private sector organizations as well as federal, state, and local governments. US-CERT began receiving reports of this campaign on January 10, 2012.

The subject of the phishing email is: "Phishing incident report call number: PH000000XXXXXXX" containing an attachment titled "US-CERT Operation Center Report XXXXXXX.zip", with the "X" possibly indicting a random value or string. The zip attachment contains an executable file with the name "US-CERT Operation CENTER Reports.eml.exe". Reports indicate that SOC@US-CERT.GOV is the primary email address
being spoofed but other invalid email addresses are being used.

US-CERT advises that users do not open the email or any of the attachments and promptly delete the email from their inboxes.

US-CERT encourages users to do the following to reduce the risks associated with this and other phishing campaigns.

• Do not open the attachments in email messages from unknown sources.
• Install anti-virus software and keep virus signatures files up to date.
• Refer to Recognizing and Avoiding Email Scams (pdf) documents for more information on avoiding email scans.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for information on social engineering attacks.

US-CERT will provide additional information as it becomes available.

Source: http://www.us-cert.gov/current/index.html#phishing_campaign_using_spoofed_us