Thursday, June 2, 2011

US-CERT Reports Gmail Phishing Attack

US-CERT recently published an article about a new phishing attack aimed at specific targets in the US Government.

The Story:

US-CERT is aware of public reports of a phishing attack that specifically targets US government and military officials' Gmail accounts. The attack arrives via an email sent from a spoofed address of an individual or agency known to the targeted user. The email contains a "view download" link that leads to a fake Gmail login page. The login information is then sent to an attacker. Google has indicated that this phishing campaign has been disrupted and that affected parties have been notified.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

  • Review the Google blog entry Ensuring your information is safe online.
  • Do not follow unsolicited web links or attachments in email messages.
  • Use caution when providing personal information online.
  • Verify the legitimacy of the email by contacting the organization directly through a trusted contact method.
  • Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
  • Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
  • Refer to the Using Caution with Email Attachments document for more information on safely handling email attachments.

Relevant URL(s):

http://www.us-cert.gov/cas/tips/ST04-014.html

http://www.us-cert.gov/reading_room/emailscams_0905.pdf

http://googleblog.blogspot.com/2011/06/ensuring-your-information-is-safe.html

http://www.us-cert.gov/cas/tips/ST04-010.html

 

Original Article: http://www.us-cert.gov/current/index.html#gmail_phishing_attack


