The U.S. Federal Bureau of Investigation (FBI) released an alert this week warning the general public of the risks behind recently registered FBI-related domains that spoof some of its official websites.
The federal law enforcement agency says that spoofed domains and email accounts, which can easily be mistaken for legitimate websites or messages, could be used by foreign actors and cybercriminals for a range of purposes: spreading false information and malware, harvesting valid usernames, passwords, and email addresses, and collecting other personally identifiable information.
“Cyber actors create spoofed domains with slightly altered characteristics of legitimate domains. A spoofed domain may feature an alternate spelling of a word, or use an alternative top-level domain, such as a "[.]com" version of a legitimate "[.]gov" website. Members of the public could unknowingly visit spoofed domains while seeking information regarding the FBI's mission, services, or news coverage. Additionally, cyber actors may use seemingly legitimate email accounts to entice the public into clicking on malicious files or links,” the FBI said.
Currently, there is no evidence that these lookalike domains are being used in malicious campaigns, but the agency believes they could be leveraged in future attacks.
The alert provides a list of spoofed FBI-related domains, as well as recommendations for users on how to avoid the risks (listed below):
Verify the spelling of web addresses, websites, and email addresses that look trustworthy but may be imitations of legitimate election websites.
Ensure operating systems and applications are updated to the most current versions. Update anti-malware and anti-virus software and conduct regular network scans.
Do not enable macros on documents downloaded from an email unless absolutely necessary, and after ensuring the file is not malicious.
Do not open emails or attachments from unknown individuals. Do not communicate with unsolicited email senders.
Never provide personal information of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate.
Use strong two-factor authentication if possible, using biometrics, hardware tokens, or authentication apps.
Use domain whitelisting to allow outgoing network traffic to websites that are deemed safe.
Disable or remove unneeded software applications.
Verify that the website you visit has a Secure Sockets Layer (SSL) certificate.