Phishing Schemes and Emails
In recent weeks, we’ve seen several emails that appear to originate from X12 distribution group email addresses but didn’t originate from our email systems. The malicious actor probably scraped the email addresses from X12’s public webpages, so we’ll be removing those distribution group addresses from the website and encourage people to use the Contact Us or Feedback form to contact the appropriate X12 party.
Phishing remains a widespread and evolving threat across digital ecosystems. At X12, we recognize the seriousness of these attacks and the potential impact they can have on your operations. While we do not directly intervene in phishing incidents or prescribe tooling or remediation strategies, we want to ensure our constituents remain informed. We encourage you to consult with your internal IT and security teams, who are best positioned to assess risk and implement policies tailored to your environment.
Here are some key Phishing Email Indicators:
- Sender's address: The sender's address may look like a real one, but with an extra letter or period, or you’ll notice an entirely different email address if you hover over the sender’s name.
- Domain: The email may use a different domain or a misspelled domain name.
- Links: The email may contain links that don't match the domain or that point to a malicious website.
- Attachments: The email may include unsolicited attachments that look like real documents but contain malware.
- Tone: The email may use an unfamiliar tone or greeting, or try to panic the recipient.
- Spelling and grammar: The email may contain poor spelling and grammar.
- Request for sensitive information: The email may ask for personal information like credit card numbers, social security numbers, or passwords.
- Impersonalized: The email may not be personalized to the recipient.
For example, the below screenshot is a classic phishing attempt using tone to create urgency and completely impersonalized threats which can be applied to any recipient. Using this example, the email address, licensing@x12.orgcannot send emails, as it’s a distribution list that can only receive emails, yet the scammer makes it appear that the email originated from licensing@x12.org, and ironically enough, was sent to licensing@x12.org.
We’ve been notified of several other examples that appear to have been sent from X12 email addresses that can’t send emails, such as X12N-TGH-Chair@x12.org, which is a distribution group. Again, this distribution group email address was likely scraped from X12’s public webpages, so in an effort to minimize these occurrences, we’ll remove them and encourage people to use the Contact Us or Feedback form.
Thank you for your vigilance in sharing these phishing attacks with us.
Safe browsing,
X12 Support Team