Fraudsters Spoof FBI DomainBureau Identifies Nearly 100 Spoofed Websites Created by Cybercriminals
The FBI has identified nearly 100 spoofed websites that use some incarnation of the agency's name. Fraudsters and other cybercriminals potentially could leverage for disinformation campaigns and credential theft.
See Also: A Toolkit for CISOs
The FBI notes in an alert that cybercriminals outside the U.S. and other threat actors are spoofing the FBI's official website - www.fbi.gov. Although the agency has not yet detected any illegal activity that uses these domains, it warns they could be used to spread false information, harvest personally identifiable information or distribute malware.
"Cyber actors create spoofed domains with slightly altered characteristics of legitimate domains. A spoofed domain may feature an alternate spelling of a word or use an alternative top-level domain, such as a '[.]com' version of a legitimate '[.]gov' website," the FBI notes.
Individuals could unknowingly visit spoofed domains while seeking information regarding the FBI's mission, services or news coverage, the bureau says. Additionally, fraudsters may use seemingly legitimate email accounts to entice the public into clicking on malicious files or links.
"A key target for these attacks are mobile users, who may be more convinced with a short URL that they can see in its entirety," says Chris Hazelton, director of security solutions at security firm Lookout says. "Short URLs that include 'FBI' are more likely to trick users into reacting, particularly when received in a text message. Users are three times more likely to click on a phishing link on a mobile device than on a laptop."
Since the onset of the COVID-19 pandemic, security experts have warned that fraudsters and cybercriminals are increasingly using spoofed websites of federal agencies.
Earlier this month, researchers at Abnormal Security uncovered a phishing campaign that spoofed the U.S. Internal Revenue Service domain in an attempt to trick targeted victims into sending money to fraudsters (see: IRS Domain Spoofed in Fraud Campaign).
In October, security firm Proofpoint found a phishing campaign that spoofed the U.S. Election Assistance Commission domain to harvest banking credentials, account data and vehicle identification information (see: Fraudsters Alter Election Phishing Scam).
Proofpoint also found fraudsters were using spoofed website templates with COVID-19 themes as part of phishing attacks designed to steal login credentials and banking data. These malicious templates included a spoofed IRS website (see: Spoofed Website Templates Help Spread COVID-19 Scams: Report).