Potential WikiLeaks Phishing Scams

US-CERT Current Activity

Potential WikiLeaks Phishing Scams

Original release date: December 1, 2010 at 5:42 pm
Last revised: December 1, 2010 at 5:42 pm


In the past, US-CERT has received reports of phishing scams and
malware campaigns related to topics that are of high-interest to the
U.S. Government or news media, such as the WikiLeaks website. Users'
systems have been compromised by receiving and accessing phishing
emails with subject lines that seem relevant to a high-interest
subject and appear to originate from a valid sender. US-CERT reminds
users to remain vigilant for potential malicious cyber activity
seeking to capitalize on interest in WikiLeaks. Users are advised to
exercise caution in handling any email with subject line, attachments,
or hyperlinks related to WikiLeaks, even if it appears to originate
from a trusted source.

US-CERT encourages users and administrators to use caution when
encountering these types of email messages and take the following
preventative measures to protect themselves from phishing scams and
malware campaigns:

* Do not follow unsolicited web links in email messages.
* Use caution when opening email attachments. Refer to the Using
Caution with Email Attachments Cyber Security Tip for more
information on safely handling email attachments.
* Maintain up-to-date antivirus software.
* Refer to the Recognizing and Avioding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
Cyber Security Tip for more information on social engineering
attacks.

Relevant Url(s):
http://www.us-cert.gov/cas/tips/ST04-014.html

http://www.us-cert.gov/reading_room/emailscams_0905.pdf

http://www.us-cert.gov/cas/tips/ST04-010.html