E-mails spoof DOJ address

A trickle of phony e-mails purporting to be from the Justice Department and carrying apparently malicious attachments has been found by security researchers from MX Logic, an anti-spam company.

The subject line mentions an update about a complaint with a complaint number, and the body of the message informs the recipient that a claim has been filed against his company. It includes a 124K attachment named 'complaint.zip.'

'We don't have any targeting information now,' said Sam Masciello, MX Logic director of threat management. But the e-mails are similar to a spate of spam that emerged in May and June last year, targeting C-level executives. Like those messages, these mention the recipient's name and company in the body of the message, adding to their credibility. 'They are trying to lend more legitimacy to the campaign.'

Last year's attack e-mails carried a keylogging program as their malicious payload.

High-level executives can be attractive targets for cybercriminals because they can have broad access to sensitive corporate information. They also can be larger security risks: they tend to hold themselves above the security policies implemented to protect the organization, are mobile and busy, and like to use the latest gadgets, but often are less savvy about technology and its risks.

The current attack is low and slow, flying under the radar with a low volume of traffic, Masciello said. It appears to have peaked two days ago at several hundred e-mails an hour and has dropped off some since then, although it still is being seen. Some examples of the e-mail came from an IP address in Italy.

The e-mail is well-formatted with an image captured from the DOJ Web site to add credibility, but the body of the message includes some grammatical errors and misspellings, such as using the word 'filled' instead of 'filed.' The same mistake was found in last year's e-mails.

'The level of sloppiness has been a tipoff for some time' to phony e-mails and is a common flaw in their social engineering, Masciello said, although some e-mails are getting better.

Because of the misspellings and the fact that the name of the attachment appears to remain the same in each copy, the e-mails are easy to block, he said.
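The two blocking signals described above (the fixed attachment name and the 'filled'-for-'filed' misspelling) can be checked at a mail gateway. The following is an added example, not code from MX Logic or the article; the regex wording, the both-signals rule and the helper `build_sample` with its addresses are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators from the article; the regex wording around "filled" is an assumption.
ATTACHMENT_NAME = "complaint.zip"
MISSPELLING = re.compile(r"\b(?:complaint|claim)\b[^.]{0,80}\bfilled\b", re.I)

def indicators(raw):
    """Return the set of campaign indicators present in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name and name.strip().lower() == ATTACHMENT_NAME:
            hits.add("attachment-name")
        elif part.get_content_maintype() == "text" and not name:
            text = part.get_content()
            if part.get_content_subtype() == "html":
                text = re.sub(r"<[^>]+>", " ", text)  # crude tag strip
            if MISSPELLING.search(text):
                hits.add("filled-for-filed")
    return hits

def should_block(raw):
    # Design choice (assumption): block only when both signals agree, so a
    # legitimate complaint.zip or a lone typo is not rejected on its own.
    return indicators(raw) == {"attachment-name", "filled-for-filed"}

def build_sample(body, filename):
    """Constructed test message: text body plus an empty ZIP attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "jane.doe@example.com"
    m["Subject"] = "Complaint update (constructed sample)"
    m.set_content(body)
    m.add_attachment(b"PK\x05\x06" + bytes(18), maintype="application",
                     subtype="zip", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    phish = build_sample("A claim has been filled against Example Corp.", "Complaint.ZIP")
    print(indicators(phish), should_block(phish))
```

Matching on the attachment name is case-insensitive, and the misspelling is only counted when it appears in the same sentence as 'complaint' or 'claim', which keeps ordinary uses of 'filled' from scoring.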

About the Author

William Jackson is a Maryland-based freelance writer.

