DHS Email Phishing Scam

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of an
email phishing scam that tricks users into clicking on malicious attachments
that look like legitimate Department of Homeland Security (DHS) notifications.
The email campaign uses a spoofed email address to appear like a National Cyber
Awareness System (NCAS) alert and lure targeted recipients into downloading
malware through a malicious attachment.

CISA encourages users and administrators take the following actions to avoid
becoming a victim of
engineering and phishing attacks

  • Be wary of unsolicited emails, even if the sender
    appears to be known; attempt to verify web addresses independently (e.g.,
    contact your organization’s helpdesk or search the internet for the main
    website of the organization or topic mentioned in the email).
  • Use
    caution with email links and attachments
    without authenticating the
    sender. CISA will never send NCAS notifications that contain email
  • Immediately report any suspicious emails to your
    information technology helpdesk, security office, or email provider.