DarkFiber Consulting – IT Managed Services

DHS Email Scam

September 11th, 2008 . by DarkFiber Consulting

DarkFiber Consulting is aware that spam email messages are being sent that appear to come from high-level DHS officials, some of which attempt to entice the user into an advance fee fraud scam. In some cases, the sender’s address has been spoofed so that the email appears to come from a legitimate dhs.gov address.

DarkFiber Consulting encourages users to do the following to help mitigate the risks:

Airline E-ticket Email Attack

July 31st, 2008 . by DarkFiber Consulting

DarkFiber Consulting is aware of public reports indicating that a new email attack is circulating. This attack uses email messages that appear to be from legitimate airlines and contain information about a bogus e-ticket. These email messages instruct the user to open the attachment to obtain the e-ticket. If a user opens this attachment, a file may be executed to infect the user’s system with malicious code.

Reports, including a posting by Sophos, indicate that these messages have the following characteristics. Please note that these attributes may change at any time.

  • The subject line “E-Ticket#XXXXXXXXXX”
  • An attachment named “eTicket#XXXX.zip”

DarkFiber Consulting encourages users and administrators to take the following preventative measures to help mitigate the security risks:

U.S. Customs and Border Protection Email Attack

July 25th, 2008 . by DarkFiber Consulting

DarkFiber Consulting is aware of public reports of an attack circulating via bogus email messages that claim to be from “US Customs Service.” The messages may contain the subject line “Parcel requires declaration” and indicate that a parcel has been received addressed to the recipient of the email. These messages may also encourage users to open an attachment to the message that may contain malicious code.

DarkFiber Consulting encourages users to do the following to help mitigate the risks:

  • Review the alert posted by the U.S. Customs and Border Protection regarding this issue.
  • Do not open attachments contained in unsolicited email messages.
  • Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
  • Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
  • Install anti-virus software and keep virus signature files up to date.

DarkFiber Consulting will provide additional information as it becomes available.