Phishing alert: Scammers impersonate Homeland Security in email attacks
May 2, 2025
Security researchers are warning of a new phishing campaign in which cybercriminals pose as the U.S. Department of Homeland Security (DHS). The scam plays on heightened public attention to immigration policies and recent federal activity.
Some of the fraudulent emails refer to an immigration-related executive order, while others claim the recipient is owed unclaimed funds. In both cases, the goal is to trick users into clicking on malicious links that lead to fake websites.
What鈥檚 different about this campaign is that the phishing sites appear to be designed to avoid detection by cybersecurity tools. In some cases, users are redirected to legitimate government websites. In others, the page displays an error unless the visitor matches specific criteria, such as a particular location or device. This tactic is known as IP-targeted phishing or host-based cloaking, and it makes the scam harder to detect.
What to watch for
INKY, the security firm that investigated the campaign, urges users to stay alert for:
- Emails that feel urgent or threatening
- Unfamiliar or suspicious links
- Email addresses or domains pretending to be government sources but ending in .com,
.info, or .life instead of .gov or .mil
As a rule of thumb, official U.S. government websites usually end in .gov or .mil. If you鈥檙e ever unsure about a message or link, forward to ua-phishing@alaska.edu. for review.
Read the original story .