Jump to content

Fishing Attack - "ttb secure message"

Recommended Posts

Hey folks!

Just noticed a fishing attack. Received an email:

ttbsecure RE: [EXTERNAL]Licensing general question

New Encrypted Email from TTB

Someone at the Alcohol and Tobacco Tax and Trade Bureau (TTB) has sent you a new secure email. To read this email, you must log in to the TTB Secure Email Message Center.

If you recently sent an email inquiry to TTB this may be the reply. Even if you didn't recently send an email to us, many outgoing messages from TTB employees are encrypted for cyber security reasons.

If this is your first time receiving an encrypted email from TTB, select Register on the TTB Secure Email log in page to create an account and open your message.

Please do not reply to this notification; this message was auto-generated by TTB's secure email server. To reply to the sender of a TTB encrypted email, use your internet browser to log in to the TTB Secure Email Message Center, select the message and click Reply.

Why does TTB encrypt emails?

TTB's cyber security measures are designed to protect your sensitive information by encrypting certain outgoing email messages using a secure email service called Zix Portal. This service allows TTB to send and receive sensitive data, like tax return information or personally identifiable information (PII), via email, and helps protect you against potential identity theft.

If you would like more details about TTB's secure email service, see our Secure Email Communication With TTB page at TTB.gov.

If you have questions about the authenticity of this message please call us at 877-882-3277 / 877-TTB-FAQS.

Want to send and receive your secure messages transparently?
Click here to learn more.

Share this post

Link to post
Share on other sites

Like an idiot, I clicked on the link & it was showing an expired password. I went ahead and changed it and then it dawned on me that it looks funny & started to look closer.

The fishers now have my password & I'm in the process of changing all my password (sigh)

Please be aware

Share this post

Link to post
Share on other sites

Ttb does use encrypted emails for communication. They came from zix secure. Could easily look like a phishing email. Mine always came from someone that ended in ttb.gov.

I did have to set up an account to see the emails. Seems like a round about way to communicate but that's how they did it. Your email,may be legit if you are in the ttb approval process.

Share this post

Link to post
Share on other sites


Looks like I over reacted. I did some more digging and the link is valid.

RTFM issue as the TTB explicitly talks about it...

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...