The messages notify users that they have filed a complaint with the agency and included a document with a copy of the alleged complaint. Users who open the document are infected with a keylogger that can be used to steal login information and other confidential data.
Sam Masiello, director of the MX Logic Threat Center, thinks that attack is related to two prior spam runs where the senders posed as government agencies. In January, scammers used bogus tax refund claims to lure victims. In May, emails that appeared to be from the Better Business Bureau were used to install key-loggers on victims' PCs.
"I would guess that these different variants are being sent out by the same spam gang, and are likely even targetting the same people with each new run," Masiello said in an posting to a company blog.
The attacks furthermore have similar patterns. They target business executives and managers, the messages are highly personalised and all three attacks use a malicious RTF file to install key-loggers on the targeted systems.
Masiello recommends that users immediately delete the email if an attack attempt is suspected.
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
