Threat Alert: BEC Lures Imitate US Fire Administration

• Cybercriminals have launched a series of business email compromise (BEC) phishing attacks impersonating the US Fire Administration. 
• These attacks use the spoofed email address Vince.Hodge[@]usfa-fema[.]com; replying to the email sends an email to Vince.Hodge-USFAFEMA-GOV[@]outlook[.]com.
• These lures contain a benign PDF attachment for a request for quotation (RFQ) on various items. 
• These scams likely aim to build trust and credibility before sending a fraudulent invoice.  

Key Actions (at Work and at Home)

• Remain alert to phishing indicators. Mismatches between sending addresses and an organization’s name are always warning signs, as are mismatches between an apparent sending address and then the reply-to address. 
• Familiarize yourself with standard payment processes. Communications regarding payments should only ever come from known, organizational email addresses. If in doubt, always navigate directly to internal portals to double check the legitimacy of payment-related changes or email the finance or HR teams before interacting with a message.     
• Report ANY suspicious emails using the Phish Alarm button. Remember: Our organization occasionally sends phishing simulations.