News

Beware of 9/11 phishing attacks

Published August 23, 2011

The Department of Homeland Security (DHS) is warning us to look out for phishing attacks trying to take advantage of the 10th anniversary of the 9/11 attacks.

Normally there is an increase in malicious cyber activity centering on high-profile events or the anniversaries of such events. Government agencies, private organizations, and individual citizens could possibly become recipients of malicious activity, most commonly in the form of socially engineered spear-phishing emails.

These emails will appear to come from a reputable source, with the email subject closely aligned to 9/11 and usually of interest to the recipient. The email may seem to be from a charity that helps the families of 9/11 victims. In most cases it will contain a malicious attachment with a name that entices us to open it.

When opened, the attachment launches malicious software into the user's system, often in the form of a key logger or remote access Trojan horses.

DHS/US-CERT is collecting phishing email messages and web site locations so that we can help people avoid becoming victims of phishing scams. You can report phishing to US-CERT by sending email to phishing-report@us-cert.gov.