There’s yet another phishing scam in which bad actors are posing as the government to trick users into downloading malware.
The Cybersecurity and Infrastructure Security Agency delivered a new warning this week against an email phishing scam in which bad actors con users into opening malicious attachments that appear to be legitimate notifications from the Homeland Security Department.
According to an alert from the agency, the email campaign uses a spoofed email address to make the message look like a real alert from the National Cyber Awareness System. If opened, the message entices recipients to download malware through an attachment.
CISA said it’s critical that users immediately report suspicious emails to their tech helpdesks, security offices and email providers. The agency also urged users to be cautious about opening links and attachments without first authenticating the senders.
“CISA will never send NCAS notifications that contain email attachments,” the agency said.
The alert also warns users to be wary of unsolicited emails—even if the sender is known—and to verify web addresses independently, whenever possible.