Phishing Campaign Using Spoofed US-CERT Emails

Phishers are using spoofed email addresses from the US Computer Emergency Response Team (US-CERT) to trick recipients into downloading a malicious executable file.

The emails are sent from the spoofed email address soc@us-cert.gov with the subject line: “Phishing incident report call number: PH0000003863970”.

The fake warning claims US-CERT has opened the incident number PH0000007135030 and invites recipients to enquire about updates at “soc@us-cert.gov” with the reference PH0000006681938.

The attached zip file is titled “US-CERT Operation Center Report {Random value or string}.zip”.The zip attachment contains an executable file with the name “US-CERT Operation CENTER Reports.eml.exe”.

Quick Heal detects this “US-CERT Operation CENTER Reports.eml.exe” file as the TrojanDropper.Injector.bsab trojan, which is used to spy on information mostly related to bank access and transactions.

Quick Heal advises users to not open the email or any of the attachments and to promptly delete the email from their inbox.

Anand Yadav

Anand Yadav

You may also like...

secure your mobile device

Worried about your mobile security? Here’s how to secure your device and enhance performance

Breaking down a fraudulent RBI email

POWERSHELL: AN ATTACKER’S PARADISE

PowerShell: An Attacker’s Paradise

No Comments, Be The First!

Your email address will not be published.

CAPTCHA Image

This website uses cookies to ensure you get the best experience on our website. Learn more