BGD e-Gov CIRT Cautions Civil Servants on Cyber Scams

Fraudulent emails are being sent from compromised government email accounts, some even originating from official agencies and law enforcement institutions, warns BGD e-Gov CIRT (Bangladesh Government’s Computer Incident Response Team), under the ICT Division. In a report published on its website on Wednesday, August 6, the cyber watchdog called for heightened caution among public officials.

This warning follows an earlier advisory from Bangladesh Bank, issued nearly a week prior. According to the CIRT report, many of the malicious emails contain embedded phishing links hidden within image attachments such as JPEG or PNG files. Some also include suspicious DOCX attachments that can compromise the user’s email access if opened.

The agency illustrated one such phishing email in its report, which appeared to be about a scheduled meeting at a ministry (unnamed in the sample email) regarding plans for the Rooppur Nuclear Power Plant, prepared by the Bangladesh Atomic Energy Commission. The email, seemingly from a senior secretary, included a .doc file attachment.

Phishing emails are deceptive messages that appear to be from known individuals or institutions, crafted to trick recipients into clicking on harmful links, installing malware, or disclosing sensitive information. They are often convincingly disguised as legitimate communications.

To counter these threats, CIRT issued several key recommendations: avoid clicking unknown links or downloading suspicious attachments; verify the sender even if the email appears to be from an official domain; never share login credentials via email or on unauthorized websites; enable multi-factor authentication on critical accounts; regularly train staff to identify phishing threats; and report any suspicious emails to CIRT. The agency also urged organizations to strengthen their internal cybersecurity management.