The Department of Homeland Security is aware that one of the SAFECOM Member Public Safety & Emergency Service Associations has become the target of a reasonably sophisticated “spear-phishing-attack”.  Spear-phishing is a targeted e-mail cyber-attack seeking unauthorized access to confidential data, or a mechanism to deliver malicious code to a targeted individual.  This spear-phishing attempt appeared to come from the true email address of the Executive Director of a public safety association, (suspected spoofing) seeking to have the entire organization membership list to include email addresses and phone numbers to be returned to the real email address of the Executive Director and a copy also sent to a second counterfeit-email account at yahoo.com. 

In this incident the target of the spear-phishing attack recognized the suspicious email nature and acted to validate the request by phone, thwarting the attack and preventing loss of confidential membership information.  The FBI and US CERT are investigating.

Additional information will be forward from the National Cybersecurity and Communications Integration Center within the US Department of Homeland Security as it becomes available.

CAUSE: Spear-phishing

CURRENT ACTIONS:  NCCIC/NCC is coordinating with NCCIC/US-CERT to review and analyze the data; NCCIC FBI LNO to investigate if there are any related open cases; and Emergency Services SSA for awareness.

INFORMATION:  For more information about reporting phishing attempts, please see the US-CERT website https://www.us-cert.gov/report-phishing/.  Details are based on initial reporting; updates will be provided as the situation develops. If any additional information is available from your organization please submit to NCC@HQ.DHS.GOV.