To: CORSA Members, Agents, Broadcast Email Members, Vendors, and Staff: We have learned that several people recently received spoofed emails that appear to come from CCAO email addresses. Spoofed emails try to get recipients to click on malicious links or attachments. Our Network Administrator verified that these spoofed emails are not coming from our server or Broadcast system. Our system is secure. Continue to closely review every incoming email. If it looks strange - don't click, delete it! Call the CORSA representative that is listed as the sender if you are uncertain about the legitimacy of the email. Don't be fooled if the from line contains what appears to be a "CCAO.org" address. Generally, the last email address contained in the email from line is the actual email address. "Email addresses" that appear before the final email address are bogus. Bad actors will often insert an accurate email address before the actual originating email address. For example, a from line that contains the following is a spoofed email: Tricia Callihan <tcallihan@ccao.org<mailto:tcallihan@ccao.org>> <morishima.kunio@kanokom.com<mailto:morishima.kunio@kanokom.com>>. Below is a screenshot of a recent spoofed email: [cid:image001.jpg@01D67D47.AE9070E0] The spoofed emails were generated from external IP address(es) and made it past some recipient's anti-phishing (spam) filter. Unfortunately, there is no way to avoid external spoof emails; however, we have placed spoof emails originating from external IP address(es) on a blacklist to prevent those IP addresses from sending spoofed emails that appear to come from a ccao.org email address. If you receive other spoofed emails, please let us know and we will blacklist those as well. Please consult your IT department/provider to assess your inbound anti-phishing (spam) protection and other cybersecurity measures that may be necessary. We will continue to monitor this situation and be in contact as developments warrant. As always, thank you for your continued vigilance monitoring emails as part of your cybersecurity efforts. Feel free to contact me with questions or if you would like to discuss this matter.
