CISA Warns Internet Users Of A Department of Homeland Security Phishing Scam

  •  
  •  
  •  
  • 3
  •  
  •  
  •  
    3
    Shares

It seems new phishing campaigns are on a rise. Another phishing campaign comes into limelight after CISA issues alert for users. Allegedly, the malefactors are now preying on users via DHS email phishing scam.

DHS Email Phishing Scam

According to the latest alert issued by the Cybersecurity and Infrastructure Security Agency (CISA), a new phishing scam is on the rise. This scam allegedly takes advantage of the U.S. Department of Homeland Security (DHS).

The campaign tricks users by sending malicious attachments via emails that resemble DHS notifications. Downloading the attachment installs malware on the target device that may execute malicious activities as directed by the attacker. Owing to the apparent legitimacy of the email and the spoofed email address, the users may inadvertently fall prey to this scam.

As stated in the CISA advisory,

The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (NCAS) alert and lure targeted recipients into downloading malware through a malicious attachment.

Protecting Yourself From Phishing Attacks

Most phishing scams work by sending spam emails to users to trick them. The emails either carry links to malicious web pages from where the next action would proceed. Or, these may include malicious attachments that download malware into the target system once opened by the user. Thus, the first step to protecting oneself from phishing scams is to practice utmost care while dealing with unsolicited emails.

CISA also recommends the same to users regarding this DHS email phishing scam. They advise the users to independently verify the web addresses even for emails from known senders. Besides, they also clearly state that they never send NCAS via emails.

Use caution with email links and attachments without authenticating the sender. CISA will never send NCAS notifications that contain email attachments.

The users may also visit the detailed security tips from CISA about avoiding social engineering and phishing attacks for awareness.

Recently, we also heard of two other phishing campaigns actively going in the wild. One of these campaigns tricks users by generating fake alerts about the receipt of an encrypted message. Whereas, the other one exploits Google Calendar alerts to bluff users.

Let us know your thoughts in the comments.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!