Wednesday, August 26, 2009
Fake DHS e-Mail
I ran into an interesting, but too short, article over on SecurityManagement.com about a series of fake emails. Apparently they appear to have come from DHS intelligence folks, but were really malware containing missives from IP addresses in Latvia and Russia. The emails contained links to known password stealing software. The article notes that DHS has sent out warnings to Defense Department and state and local officials. Nothing has been said about these fake emails going to private companies, but it is probably just a matter of time. Neither has anything been said about the warning going out to private companies. Unfortunately, there is no word in the SecurityManagement.com article or the source AP article about how sophisticated the scam actually is. I have seen similar emails where the source address was well hidden from standard email software and others where the actual origination address was clearly shown. I would be interested in hearing from anyone in the chemical security community if they have seen either one of the fake emails or a notification from DHS about the problem. If the problem is making its way down to the chemical security community I certainly want to get the word out.