White House Phishing Campaigns

Summary

Email security firm Inky discovered phishing campaigns in which threat actors attempt to impersonate the White House in order to distribute malware. One of the phishing campaigns contains a link that, if clicked, will direct the target to a spoofed White House website. A document containing Coronavirus guidelines is then downloaded and, if content is enabled, malware will be installed. The fraudulent website has since been taken down. In a separate phishing campaign, the sender impersonates Vice President Pence and claims the target’s company is involved in human trafficking, drug dealing, and money laundering. The email employs scare tactics and agrees to keep these matters quiet by reaching an “agreement” in the form of a bitcoin payment.

Recommendations

The NJCCIC recommends users and organizations educate themselves and others on these continuing threats and tactics to reduce victimization. Users are advised to avoid clicking links, opening attachments, or providing personal or financial information in response to emails from unknown senders and exercise caution with emails from known senders. If you are unsure of an email’s legitimacy, contact the sender via a separate means of communication. Further details can be found in the Inky report and the Bleeping Computer article.