
Threat Actors Spoofing Legitimate FBI Domains, Posing Cyberattack Risk

A recent FBI alert warned of an increase in the number of registered internet domains and email addresses spoofing legitimate FBI sites, which poses a potential cyberattack risk.

The FBI released an alert warning of a new cybercriminal campaign that spoofs internet domains and email addresses related to the FBI, which poses the risk of future cyberattacks and other malicious activity.

As noted in other agency alerts, in spoofing campaigns threat actors, including nation-state hacking groups, leverage spoofed domains and email accounts to trick users into believing they are interacting with legitimate sites. The method preys on human nature, often exploiting ongoing news trends to increase the success rate of the attacks.

These campaigns are designed to steal user credentials or to generate financial gain. An August IRONSCALES report found a sharp increase in successful credential theft attempts delivered through spoofed login pages and social engineering attacks during the first half of the year, with healthcare the most commonly targeted sector.

Recent spoofing campaigns have abused free Google services, mimicked COVID-19 loan relief companies and Microsoft Teams, and set up a fake Department of Health and Human Services COVID-19 vaccine tracker.

“Spoofed domains and email accounts are leveraged by foreign actors and cybercriminals and can easily be mistaken for legitimate websites or emails,” according to the latest FBI alert.

“Adversaries can use spoofed domains and email accounts to disseminate false information; gather valid usernames, passwords, and email addresses; collect personally identifiable information; and spread malware, leading to further compromises and potential financial losses,” it continued.

Successful campaigns employ spoofed domains that differ only slightly from the legitimate ones, for example through an alternate spelling or a different top-level domain, such as a .com version of a .gov site.

As a result, users looking for legitimate information about the agency’s mission, news, or services could inadvertently land on a spoofed FBI domain. The attackers may be using the spoofed FBI domains to entice users into downloading malicious files or clicking harmful links.
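The lookalike patterns described above (alternate spelling, swapped top-level domain, the real name embedded in a longer one) can be checked mechanically against newly registered domains or sender addresses pulled from mail logs. The following Python script is an added example, not code from the FBI alert or from the article: it takes a protected domain (fbi.gov here) and flags candidate domains or sender addresses that swap the top-level domain, substitute look-alike characters, misspell the name by one character, embed the real name in a longer label, or use the real domain as a subdomain of something else. The candidate domains and addresses are constructed samples, the homoglyph table is a partial assumption, and the two-label domain split is a simplification that ignores the public suffix list.

```python
"""Triage check for domains and sender addresses that imitate a protected domain.

Added illustration, not code from the FBI alert or the article. It encodes the
lookalike patterns the alert describes (alternate spelling, swapped top-level
domain, the real name embedded in a longer name) plus the common "real domain
used as a subdomain" trick. The protected domain and every candidate below are
constructed samples; none is presented as a domain actually seen in the wild.
"""
import re

# Confusable characters folded to one representative (assumed, partial map).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "i", "l": "i", "3": "e", "5": "s", "7": "t"})


def normalize(label):
    """Fold digit/letter look-alikes so 'fb1' and 'fbl' compare equal to 'fbi'."""
    return label.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def levenshtein(a, b):
    """Edit distance; one substitution/insertion/deletion is a classic typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(host):
    """Return (registrable domain, second-level label, top-level domain).

    Simplification: a two-label heuristic with no public suffix list, so
    multi-part suffixes such as 'co.uk' are split incorrectly.
    """
    labels = host.lower().strip(".").split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a domain: {host!r}")
    return ".".join(labels[-2:]), labels[-2], labels[-1]


def classify(candidate, protected):
    """Return why candidate imitates protected, or None if it does not."""
    host = candidate.lower().strip(".")
    reg, sld, tld = split_domain(host)
    p_reg, p_sld, p_tld = split_domain(protected)
    if reg == p_reg:
        return None  # the genuine domain or one of its own subdomains
    if host.startswith(p_reg + "."):  # e.g. fbi.gov.example.com
        return f"protected domain used as subdomain of {reg}"
    if sld == p_sld and tld != p_tld:  # .gov replaced by .com/.org/...
        return f"top-level domain swapped .{p_tld} -> .{tld}"
    n_sld, n_p = normalize(sld), normalize(p_sld)
    if n_sld == n_p:
        return "homoglyph substitution in second-level label"
    if levenshtein(n_sld, n_p) == 1:
        return "one-character misspelling of second-level label"
    if n_p in n_sld:  # short names like 'fbi' over-match; review hits by hand
        return "protected name embedded in a longer label"
    return None


def sender_domain(address):
    """Domain part of an RFC 5322 style address such as 'Name <user@host>'."""
    m = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", address.strip())
    return m.group(1).lower() if m else None


def scan(candidates, protected="fbi.gov"):
    """Map each suspicious candidate to its reason; clean names are omitted."""
    hits = {}
    for cand in candidates:
        reason = classify(cand, protected)
        if reason:
            hits[cand] = reason
    return hits


# Constructed sample input: the genuine domain mixed with assumed lookalikes.
SAMPLE_DOMAINS = [
    "fbi.gov", "www.fbi.gov", "example.com",          # should pass
    "fbi.com", "fb1.net", "fbii.org", "fbi-gov.com",   # should be flagged
    "fbi.gov.example.com",
]
SAMPLE_SENDERS = ["Press Office <press@fbi.gov>", "FBI Alerts <alerts@fbi-gov.com>"]

if __name__ == "__main__":
    for dom, why in scan(SAMPLE_DOMAINS).items():
        print(f"{dom:24s} {why}")
    for addr in SAMPLE_SENDERS:
        print(f"{addr:36s} {classify(sender_domain(addr), 'fbi.gov') or 'ok'}")
```

The rules are ordered from most to least specific so that each hit carries the most informative reason. The embedded-name rule is deliberately loose: with a three-letter brand it will also match unrelated names, so its output is a review queue for an analyst, not a block list. A production version would replace the two-label split with a public suffix list and feed the scanner from certificate transparency logs or a newly registered domain feed.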

Organizations should remind employees to verify the spelling of web addresses, sites, and email addresses that appear legitimate but may imitate trusted sites. Administrators should ensure operating systems, applications, antivirus software, and anti-malware tools are up to date, and should conduct regular network scans.

Further controls include ensuring macros are not enabled on documents downloaded from email unless absolutely necessary, and then only after confirming the file is not malicious. Emails and attachments from unknown senders should never be opened.

Employees should be reminded not to engage with unsolicited email senders and never to provide personal information in response to an email, and awareness training should stress that many emails requesting personal information appear legitimate.

Strong two-factor authentication should also be implemented, using hardware tokens, biometrics, or authenticator applications whenever possible. Of these, only origin-bound hardware tokens (FIDO2/WebAuthn) resist a spoofed login page outright, because a one-time code from an app can be relayed by the attacker along with the password. Domain whitelisting should be implemented so that outgoing network traffic reaches only websites deemed safe, and administrators should disable or remove unnecessary software applications.

Lastly, users should verify that any website they visit presents a valid TLS (formerly SSL) certificate for the domain shown in the address bar. This check proves only that the connection is encrypted to that domain: a spoofed domain can obtain a valid certificate for free within minutes, so the padlock does not establish that the site is the real FBI site, and the domain name itself must still be checked.

Phishing education and training for employees has been shown to reduce the cyber risk of email threats to the healthcare sector.

Given the joint federal agency alert regarding ongoing ransomware attacks on healthcare entities, those organizations should also refer to spear-phishing insights from Europol and COVID-19 cyber scam advice from the Office for Civil Rights to better understand this threat method and possible mitigations.
