The US, Department of Homeland Security (DHS), Cyber Intelligence Network (CIN) is aware of a Thanksgiving Day-themed phishing email campaign with at least two variants targeting US government entities.  The campaign began on 19 November 2018, and the phishing emails include Thanksgiving Day-themed subject lines with holiday-themed titled documents.  The emails spoof legitimate government senders and attempt to deliver malware to legitimate government entities.  The reported agencies that have been spoofed include multiple fusion centers, Information Sharing and Analysis Centers (ISACs), and the DHS.  The senders’ email addresses were only spoofed and no user email accounts were compromised.

Email variant one: Subject line: “Thanksgiving Day congratulation”

Email variant two:

Subject line: “Thanksgiving Day Greeting Card”

Document title: “Thanksgiving-Congratulation.doc” Document title: “Thanksgiving-Day-Card.doc”

MD5: 1029e263a5a7517089054f7968ec71a5

MD5: 2007a12a1723032b5aa565bc7a561d63

If you receive this type of a spoofed government email, Do not open the email.  These examples demonstrate both the use of official email addresses to trick users and the US holiday time frame (pre-Thanksgiving  Day to New Year’s Day) to lure an unsuspecting user to open the email and thus received malicious malware.  The traditional US and Western Europe Christmas holiday time is infamous for these type cyber-attacks, usually for financial fraud.     

For questions, comments or assistance regarding this report, please contact Wapack Labs at 844-492-7225, or feedback@wapacklabs.com



You need to be a member of Red Sky Alliance to add comments!

Join Red Sky Alliance


  • As Wapack Labs predicted, there was a significant spike in malicious emails that were distributing malware under pretense of a Thanksgiving-related topics: For example on 26 November 2018 we saw following emails:
    Time / Email Subject Line / Number of Antivirus Detections / Reference
    November 26th 2018, 22:33:09.000 / Thanksgiving wishes / 29 / https://virustotal[.]com/en/file/1cc6ec1976c3cddcdc4652aa088c60810f4e9e176c43013269d59ccd797ef7b8/analysis/
    November 26th 2018, 22:10:53.000 / The Thanksgiving Day eCard / 33 / https://virustotal[.]com/en/file/8f41b6ef2b12d9bb2da42a136e78c58d12b12075f416fe3fa11d868d9c82545e/analysis/
    November 26th 2018, 20:34:10.000 / Amanda Howells Thanksgiving Day wishes/ 27/ https://virustotal[.]com/en/file/231458ba522e1ba32d8e2c3d928b09efc6025e86c49827346c55ecbe7b18e8ec/analysis/
    November 26th 2018, 19:59:46.000 / Happy Thanksgiving Day Message / 27 / https://virustotal[.]com/en/file/1f197928944ff02e57b920e693bb5745a4f1f13dbe7badbb12d0b9d3253bc9fa/analysis/
    November 26th 2018, 15:40:30.000 / Parker, Gary Thanksgiving Day Greeting Card / 28 / https://virustotal[.]com/en/file/bfd829cae79afb5cae1b99edc5d5d7b60093c99c771eb9d81b9b032a309a3a75/analysis/
This reply was deleted.