DHS Email Phishing Scam

["US-CERT" <US-CERT () ncas us-cert gov>]

Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:



DHS Email Phishing Scam [ https://www.us-cert.gov/ncas/current-activity/2019/06/18/DHS-Email-Phishing-Scam ] 06/18/2019 
05:23 PM EDT 
Original release date: June 18, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of an email phishing scam that tricks users into 
clicking on malicious attachments that look like legitimate Department of Homeland Security (DHS) notifications. The 
email campaign uses a spoofed email address to appear like a National Cyber Awareness System (NCAS) alert and lure 
targeted recipients into downloading malware through a malicious attachment.

CISA encourages users and administrators take the following actions to avoid becoming a victim of social engineering 
and phishing attacks [ http://www.us-cert.gov/ncas/tips/ST04-014 ]:


  * Be wary of unsolicited emails, even if the sender appears to be known; attempt to verify web addresses 
independently (e.g., contact your organization's helpdesk or search the internet for the main website of the 
organization or topic mentioned in the email). 
  * Use caution with email links and attachments [ https://www.us-cert.gov/ncas/tips/ST04-010 ] without authenticating 
the sender. CISA will never send NCAS notifications that contain email attachments. 
  * Immediately report any suspicious emails to your information technology helpdesk, security office, or email 
provider. 
________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: 
#333333; } ________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]