The Federal Bureau of Investigation (FBI) this week issued an alert to warn the public of spoofed FBI-related Internet domains.
According to the agency, “unattributed cyber actors” are registering domains designed to spoof legitimate websites pertaining to the FBI, “indicating the potential for future operational activity.”
In addition to spoofed domains, state-sponsored actors and cybercriminals are leveraging spoofed email accounts to trick unsuspecting victims into revealing sensitive, personal information.
“Adversaries can use spoofed domains and email accounts to disseminate false information; gather valid usernames, passwords, and email addresses; collect personally identifiable information; and spread malware, leading to further compromises and potential financial losses,” the FBI warns.
To ensure the success of their attempts, the threat actors create domains that feature slightly modified characteristics of legitimate domains. These spoofed domains may contain the alternate spelling of a word in their name or use an alternative top-level domain.
Due to these subtle alterations, unsuspecting victims may be tricked into visiting the spoofed domains when looking for information on the FBI’s mission and services, or news coverage. Furthermore, spoofed email accounts may be used to entice individuals into opening malicious files or clicking on links.
“The FBI urges all members of the American public to critically evaluate the websites they visit, and the messages sent to their personal and business email accounts, to seek out reliable and verified FBI information,” the agency notes.
Users are advised to always check the spelling of websites and email addresses, to ensure that their operating systems and applications are always kept updated, and to use anti-malware software that is kept up to date.
Furthermore, the FBI advises users to never enable macros on documents that were received via email unless absolutely necessary and only after the file was scanned with an anti-virus application, and to refrain from opening emails or attachments from unknown individuals.
Personal information should never be provided over email, strong two-factor authentication should be enforced whenever possible, and domain whitelisting should be employed to only allow traffic to websites considered safe.
Users are also advised to disable or remove software that is no longer used or needed, as well as to verify that the visited websites have an SSL certificate (although threat actors are also known to employ encryption to increase the legitimacy of their websites).
“There are a wide range of reasons individuals or groups might have to spoof law enforcement or government websites. These specific examples are likely to be the potential for monetary gain through credential theft, as online reporting of crime is a feature of the genuine FBI website. The motive could also be more sinister, with the potential misuse to spread disinformation, and/or to impact the credibility and trust that individuals have in any agency or department,” Carl Wearn, head of e-crime at Mimecast, said in an emailed comment.
“Spoofing or the use of law enforcement credentials to defraud or scam people has been a regular tactic of fraudsters for a long time, even preceding the internet, as criminals seek to exploit the trust society places in these particular organisations and the enhanced likelihood of compliance with their instructions given that trust. Please ensure you go to any genuine website via your browser, and do not click on links in emails or other electronic communications which may take you to these fake or spoofed websites and steal your personal details or worse,” Wearn added.