Phishing Emails Mimic Department of Homeland Security Alerts


The federal government has issued an alert concerning a new malware phishing campaign launched by unknown cyber assailants using emails that claim to be from the Department of Homeland Security (DHS).

The Cybersecurity and Infrastructure Security Agency (CISA) has advised citizens to be on the alert for emails purportedly sent from the National Cyber Awareness System (NCAS). According to CISA, the malware campaign uses a spoofed email address to make the message look like an NCAS alert. A click on the attached document springs malware on the unsuspecting victim. CISA is advising people who receive an unexpected email to confirm that it came from DHS and has cautioned users not to click links or download attachments included in emails. As a matter of policy, CISA does not send NCAS notifications that contain email attachments.
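The two facts above (a spoofed sender, and the policy that NCAS notifications never carry attachments) translate directly into a mail-triage rule. The following is an added example, not code from CISA or the article; the sample messages, the `example.test` addresses and the assumption that your own receiving mail server stamps an `Authentication-Results` header are all constructed for illustration.

```python
import re
from email import message_from_string, policy

# Names the article says the lure impersonates.
CLAIMED = re.compile(
    r"national cyber awareness system|\bNCAS\b|department of homeland security|\bDHS\b", re.I)

def attachments(msg):
    """Filenames (or MIME types) of every attachment part."""
    return [p.get_filename() or p.get_content_type() for p in msg.iter_attachments()]

def auth_failures(msg):
    """SPF/DKIM/DMARC results other than 'pass'. Assumption: the header was
    added by your own receiving server, not supplied by the sender."""
    header = " ".join(map(str, msg.get_all("Authentication-Results", [])))
    found = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)
    return [f"{m.lower()}={r.lower()}" for m, r in found if r.lower() != "pass"]

def triage(raw):
    """Return reasons to quarantine a message that claims to be an NCAS/DHS alert."""
    msg = message_from_string(raw, policy=policy.default)
    if not CLAIMED.search(f"{msg.get('From', '')} {msg.get('Subject', '')}"):
        return []                      # message makes no NCAS/DHS claim
    reasons = []
    files = attachments(msg)
    if files:                          # NCAS policy: notifications have no attachments
        reasons.append("claims NCAS/DHS but carries attachment: " + ", ".join(files))
    failed = auth_failures(msg)
    if failed:                         # sender address could not be authenticated
        reasons.append("sender authentication not passed: " + ", ".join(failed))
    return reasons

# Constructed sample: spoofed display name, failed SPF, attached document.
LURE = (
    'From: "National Cyber Awareness System" <alerts@example.test>\n'
    'Subject: NCAS alert\n'
    'Authentication-Results: mx.example.test; spf=fail; dkim=none\n'
    'MIME-Version: 1.0\n'
    'Content-Type: multipart/mixed; boundary="b"\n\n'
    '--b\nContent-Type: text/plain\n\nSee attached.\n'
    '--b\nContent-Type: application/msword\n'
    'Content-Disposition: attachment; filename="alert.doc"\n\nAAAA\n--b--\n')
# Constructed sample: same claimed sender, authenticated, no attachment.
CLEAN = (
    'From: "National Cyber Awareness System" <alerts@example.test>\n'
    'Subject: NCAS alert\n'
    'Authentication-Results: mx.example.test; spf=pass; dkim=pass\n'
    'Content-Type: text/plain\n\nBulletin text only.\n')

if __name__ == "__main__":
    for name, raw in (("LURE", LURE), ("CLEAN", CLEAN)):
        print(name, triage(raw) or "no findings")
```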

The cybersecurity agency has provided these recommended actions to avoid being victimized by social engineering and phishing attacks:

  • Be wary of unsolicited emails, even if the sender appears to be known.
  • Before opening the email, contact your organization's help desk or search the internet for the main website of the organization or topic mentioned in the email.
  • Use caution with email links and attachments when you have not authenticated the sender.
  • Immediately report any suspicious emails to your information technology help desk, security office or email provider.

Cyber attackers often take advantage of current events and certain times of the year, including natural disasters such as hurricanes, epidemics and health scares, economic concerns such as Internal Revenue scams, political elections, and holidays, CISA said in a separate advisory.

Additional CISA recommendations for users include:

  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information.
  • If an unknown individual claims to be from a legitimate organization, verify his or her identity directly with the company.
  • Do not provide personal information or information about your organization.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information, including links sent in email.
  • Don't send sensitive information over the internet before checking a website's security.
  • Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain.
  • If you are unsure whether an email request is legitimate, verify it by contacting the company directly.
  • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.

If you believe you are a victim:

  • Report it to the appropriate people within your organization, including network administrators.
  • Contact your financial institution immediately and close any accounts that may have been compromised.
  • Change any passwords you might have revealed.
  • Watch for other signs of identity theft.
  • Consider reporting the attack to the police.
  • File a report with the Federal Trade Commission.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.