Florida Rep. Randy Fine says he walked straight into the start of a phishing play this week, when what looked like a routine television interview request landed in his inbox just as combat operations kicked off in the region. His office says the approach came almost immediately after the fighting began. A staffer started to engage, then backed out after noticing the embedded links did not work. Soon after, U.S. Capitol Police told the office the outreach might have originated overseas. Fine says he reported the incident to the FBI and believes the attempt targeted his personal Google account, something he says has him worried about his own safety.
“A skilled impersonator created something appearing just like Newsmax to attempt to do an interview with me,” Fine told Fox News Digital. According to Fox News Digital, which reviewed the emails, the sender domain was spelled "news-max.org" instead of the real outlet. U.S. Capitol Police told Fine the outreach could have come from an Iranian state actor, and the outlet reported that the FBI opened an investigation. The bureau declined to comment to Fox News.
Local coverage from WTTE backed up Fine’s description of the episode and underscored the timing, noting that the suspicious approach began “literally the day after combat operations began.” WTTE reported that a staffer initially interacted with the email before realizing the links were nonfunctional and that Fine has described a recent rise in threats and impersonation attempts around both his home and his office.
Feds Say The Email Looks Like Part Of A Larger Iran Campaign
On March 19 the Justice Department announced it had secured court approval to seize four internet domains that officials say were run by Iran’s Ministry of Intelligence and Security. According to a DOJ press release, the sites were allegedly used to claim hacks, post stolen data and stir up violence. The department cited handala-hack[.]to and handala-redwanted[.]to among the domains and said one of the seized addresses had been used to claim responsibility for a destructive March cyberattack on a U.S. medical-technology company. DOJ officials framed the move as part of a broader push to disrupt Iranian cyber-enabled psychological operations.
Why Cybersecurity Experts Are Watching Closely
Security researchers say the online persona known as Handala took credit for a March 11 “wiper” attack that knocked systems at Stryker offline, and investigators have noted that the operation appeared to weaponize legitimate management tools to trigger mass device wipes, according to KrebsOnSecurity. That incident led to federal guidance urging organizations to lock down endpoint-management platforms such as Microsoft Intune, and CISA followed with an alert calling for specific configuration steps and tighter administrative controls to lower the odds of similarly destructive attacks.
Why Lawmakers And Staff Are In The Crosshairs
Fine, a high-profile and vocal supporter of aggressive action in the region, told Fox News Digital he felt “clearly targeted” by the fake interview request and described the entire experience as “very stressful.” Federal officials say public figures, congressional staff and members of diaspora communities have been singled out in recent months for a mix of doxxing, impersonation attempts and phishing that track with the wider conflict, and investigators have urged government offices to treat any surprise media invitations or login prompts as possible bait.
So far Fine’s office has not said whether any data was actually accessed, and the FBI has kept the status of its investigation under wraps. The DOJ domain seizures and the recent disruption at a major medical-technology firm highlight how fast geopolitical tensions can morph into targeted online operations. Cybersecurity professionals say members of Congress and their teams should assume they will remain in the digital crosshairs for as long as the conflict continues.
.jpg){kind=link}