TT-CSIRT-408.31.10.22: Phishing Alert

The Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) is aware of a phishing email originating from the Ministry of Foreign and CARICOM Affairs’ domain “foreign.gov.tt”. In this respect we are advising all persons not to open any emails received from the Ministry of Foreign and CARICOM Affairs with the following details:

• Subject: “Re: proof of payment from our treasurer’s office”
• Attachment: “foreign.gov.payment.html.zip”

Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) from the Ministry of National Security is working closely with the IT Unit of the Ministry of Foreign and CARICOM Affairs to investigate this incident.

Persons who receive the email are advised to delete it immediately and report it to the TT-CSIRT via https://ttcsirt.gov.tt/report-an-incident. If you are unsure about the legitimacy of any email, please contact your in-house IT department for verification. 

Email administrators are advised to check their mail systems to determine whether emails with the aforementioned subject are being received or sent and contact the TT-CSIRT if you see suspicious activity via https://ttcsirt.gov.tt/contact-us/  

In the event that the attachment has been unzipped and opened, a phishing website will be rendered to the user resembling a DocuSign login page requesting the user’s credentials. Users are strongly advised against visiting the URL and submitting information to the form.

If you have submitted your credentials to this website, you must alert your IT department and change your password immediately. If you have reused this password on other accounts, this must also be changed.