One of our housing authority client recently received a Trojan virus attachment disguised as a section 8 housing voucher.
File name: HCV_SECTION_8_VOUCHER.pdf
As you can see from the image above, a PDF attachment was included in an email disguised as an HCV section 8 voucher. This type of attack indicates that the attacker is familiar with the nomenclature of the housing authorities and are are sending targeted phishing emails (spear phishing) in an attempt to penetrate the network systems via unsuspecting users opening what they believe is a housing voucher.
For this reason, it’s important that all e-mail enabled users exert extra caution and follow these steps:
1. When receiving vouchers, call the sending HA and verify its authenticity. Treat all unexpected email as suspicious.
2. Never click on a link or graphic icon within a PDF as a means of retrieving the information. A PDF should display its data immediately after being opened.
3. Ask you staff to complete our training course on phishing prevention and look for tell-tale signs of phishing from unexpected emails.
How to Tell
1. The sender is not an HA or the domain is spoofed.
2. Use an AV scanner that checks attachments, removes malware and appends a warning message in the subject. Make sure S8 agents are checking the warnings.
3. Check the email body for messages that state that you do not often receive emails from the sender or that the sender is outside the organization. Proceed with caution.
4 & 5 Look for generic salutations, body text and signature files, coupled with an email that is unexpected, it’s a strong indicator of phishing.
ALWAYS CALL THE SENDER!! verify authenticity by contacting the sender HA, it’s the only way to be 100% sure!