FBI in Threat Warning After Surge in Spoofed Domains
The FBI is warning internet users to be on high alert for website and email domains masquerading as those of the crime-fighting agency.
The Bureau claimed in a Public Service Announcement that it has detected multiple threat actors registering fake domains mimicking legitimate FBI ones, which could be the precursor to a new campaign.
Cyber-criminals typically register domains that look identical to those of their victims, but which contain very small differences, such as an alternative TLD after the dot, or a slightly different spelling. Internationalized Domain Names (IDNs) also offer opportunities to use Cyrillic and other letters that look very similar to Roman alphabet characters.
Internet users could visit such sites of their own accord or be prompted to do so via phishing emails which also use spoofed domains to appear more trustworthy.
“Spoofed domains and email accounts are leveraged by foreign actors and cyber-criminals and can easily be mistaken for legitimate websites or emails,” the notice warned.
“Adversaries can use spoofed domains and email accounts to disseminate false information; gather valid usernames, passwords, and email addresses; collect personally identifiable information and spread malware, leading to further compromises and potential financial losses.”
The Feds urged members of the public to ensure web and email addresses are correctly spelled, and that operating systems, computer software and anti-malware tools are all up to date.
It also recommended that users disable macros, and never open unsolicited emails or attachments or provide personal information to the sender.
Multi-factor authentication for log-ins and domain whitelisting were also recommended.
Tim Helming, security evangelist at DomainTools, argued that part of being security aware is becoming familiar with common abuse patterns.
“In this case, many of the illegitimate domains use various other words in conjunction with ‘fbi,’ which is a common practice by malicious actors. However, since legitimate organizations do own variations on their own domain names, internet users also need to consider the context of any link they are presented with,” he added.
“For example, if a link referring to the FBI (or other government agency) arrives as an unsolicited text message, there is a high likelihood of fraud. When in doubt, users should type the simplest version of the domain name (such as fbi.gov) into the browser, and navigate around the site to find the content they seek.”
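The lookalike patterns described above (an alternative TLD, a slightly different spelling, IDN letters from another script, and the real name combined with other words) can be checked mechanically before a link is trusted. The following is an added example, not code from the FBI announcement or from DomainTools; the function names, reason codes and sample domains are assumptions constructed for illustration.

```python
import unicodedata

LEGIT = "fbi.gov"  # legitimate domain named in the article

def scripts(label):
    """Scripts of the letters in label, taken from the Unicode character name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def edit_distance(a, b):
    """Levenshtein distance (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, legit=LEGIT):
    """Return reason codes for why domain resembles legit; [] means no match."""
    domain = domain.lower().rstrip(".")
    if domain == legit or domain.endswith("." + legit):
        return []  # the real domain or one of its subdomains
    try:
        # Decode punycode (xn--) labels so the script check sees the real letters.
        domain = domain.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: inspect as given
    # Simplification: the last label is treated as the TLD.
    name, _, tld = domain.rpartition(".")
    legit_name, _, legit_tld = legit.rpartition(".")
    reasons = []
    if len(scripts(name)) > 1:
        reasons.append("mixed_script")  # e.g. Latin letters mixed with Cyrillic
    if name == legit_name and tld != legit_tld:
        reasons.append("tld_swap")      # same name, alternative TLD
    if 0 < edit_distance(name, legit_name) <= 1:
        reasons.append("misspelling")   # one character away from the real name
    if legit_name in name and name != legit_name:
        reasons.append("keyword")       # real name combined with other words
    return reasons

# Constructed sample domains, not indicators from the FBI announcement.
SAMPLES = ["fbi.gov", "fbi.com", "fbl.gov", "fb\u0456.gov", "fbi-news.com"]

if __name__ == "__main__":
    for d in SAMPLES:
        print(f"{d!r:20} {classify(d) or 'ok'}")
```

A "keyword" hit is only a prompt to check context, since legitimate organizations also own variations on their own domain names.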