SecurID users targeted by fake NSA email
RSA's SecurID token users have recently been targeted with fake emails supposedly coming from the US National Security Agency urging them to update their token code.
The address from which the emails are sent has been spoofed and says "protection@nsa.security.gov", but the offered malicious links take the victim to the national-security-agency.com domain, which according to Cyveillance, has been registered only the day before the spam run was started.
"A critical vulnerability has been discovered in a certain types of our token devices," warns the email, counting on the fact that the user is already aware of the RSA hack executed earlier this year and its implications for the security of the company's SecurID tokens.