KIT-CERT

Live SPAM-Attack using spoofed KIT email addresses

KIT is currently the target of a SPAM attack. Members of KIT are receiving emails that appear to have been sent by another member of KIT but were in fact sent using a spoofed email address.

The SPAM emails are distributed using compromised email accounts hosted by external email providers. These email providers permit the so-called spoofing of email addresses, i.e., sending emails using a different email address than the one connected to the compromised email account.

The SPAM emails belonging to the current SPAM attack do not originate from KIT servers. Additionally, the KIT accounts belonging to the KIT email addresses that are misused as spoofed sender addresses are not compromised.
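The mismatch described above, between the visible sender address and the account that actually submitted the message, can be checked on a received email. The following is an added example, not part of the original advisory; the domain kit.example, the function names and the sample messages are constructed placeholders, and the Return-Path comparison is a heuristic assumed here, not a KIT filter rule.

```python
from email import message_from_string
from email.utils import parseaddr

PROTECTED = "kit.example"  # placeholder for the organisation's own mail domain


def in_protected(domain, protected=PROTECTED):
    """True for the protected domain itself or any of its subdomains."""
    return domain == protected or domain.endswith("." + protected)


def split_addr(value):
    """Return (display name, address domain) of a header value, lower-cased."""
    name, addr = parseaddr(value or "")
    return name.lower(), addr.rpartition("@")[2].lower()


def classify(raw, protected=PROTECTED):
    """Compare the visible From header with the envelope sender (Return-Path)."""
    msg = message_from_string(raw)
    name, from_dom = split_addr(msg.get("From"))
    _, env_dom = split_addr(msg.get("Return-Path"))
    if not in_protected(from_dom, protected):
        # An internal address shown only in the display name is also a spoof.
        shown = name.rpartition("@")[2].strip("<> ")
        if "@" in name and in_protected(shown, protected):
            return "display-name-spoof"
        return "external"
    if env_dom and not in_protected(env_dom, protected):
        return "envelope-mismatch"  # internal From, external submitting account
    return "consistent"


# Constructed sample messages (not taken from the real campaign).
SPOOFED = ("Return-Path: <acct@provider.example>\n"
           "From: Alice <alice@kit.example>\nSubject: Invoice\n\nbody\n")
INTERNAL = ("Return-Path: <alice@kit.example>\n"
            "From: Alice <alice@kit.example>\nSubject: Minutes\n\nbody\n")
DISPLAY = ("Return-Path: <acct@provider.example>\n"
           'From: "alice@kit.example" <acct@provider.example>\n'
           "Subject: Invoice\n\nbody\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("internal", INTERNAL),
                       ("display", DISPLAY)):
        print(label, "->", classify(raw))
```

Mailing lists and forwarding services also produce an external Return-Path for an internal From address, so a mismatch is a signal to weigh together with the SPAM filter's verdict, not proof of spoofing on its own.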

The content and subject of the SPAM emails vary. Therefore, it is possible that some SPAM emails are not correctly identified and marked as SPAM. Once a variation of a SPAM email has been correctly learned by the SPAM filter, follow-up SPAM emails of that kind are marked as SPAM and are sorted into the respective SPAM folder of the email program (e.g. Exchange). If SPAM emails continue to be sorted into the regular inbox folder, it is recommended that you check your self-established SPAM sorting rules and adjust them as necessary.