Cyber actors have spoofed legitimate FBI websites in an effort to trick people, possibly by disseminating false information or gathering credentials, according to an FBI advisory.
Spoofing official domains, whether they belong to private companies or public institutions, is just one of many steps cybercriminals take before launching an attack. In this situation, the FBI noticed that unnamed actors registered numerous domains that imitate the official URL. In most cases, the attackers are only interested in including the letters “FBI” alongside other words, under vastly different domain names.
“Spoofed domains and email accounts are leveraged by foreign actors and cybercriminals and can easily be mistaken for legitimate websites or emails,” says the FBI. “Adversaries can use spoofed domains and email accounts to disseminate false information; gather valid usernames, passwords, and email addresses; collect personally identifiable information; and spread malware, leading to further compromises and potential financial losses.”
For some of the domain names, the attackers changed the top-level domain from .gov to .org or .com. They also added other words, producing names such as ‘cyber-crime-fbi.org’, ‘agenciafbi.ga’, ‘fbi.systems’ and many others. While it’s possible to train security solutions to recognize spoofed domains, it’s also up to users to pay close attention to the links they open.
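One way a security tool can recognize the patterns described above, shown as an added example that is not part of the FBI advisory. It assumes the official domain is fbi.gov; the function name, the category labels and every sample hostname other than the three quoted above are constructed for illustration.

```python
import re

OFFICIAL = "fbi.gov"  # assumed official registrable domain
BRAND = "fbi"         # protected label to watch for


def classify(hostname: str) -> str:
    """Return 'official', 'tld-swap', 'brand-token', 'brand-substring' or 'unrelated'."""
    host = hostname.strip().lower().rstrip(".")
    labels = host.split(".")
    # Official only if it is fbi.gov or a real subdomain of it. Testing the
    # dotted suffix rejects 'fbi.gov.example.com' and 'notfbi.gov'.
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    # Same name, different top-level domain (gov swapped for org, com, ...).
    if len(labels) >= 2 and labels[-2] == BRAND:
        return "tld-swap"
    # Brand as a whole word inside any label, e.g. 'cyber-crime-fbi'.
    for label in labels:
        if BRAND in re.split(r"[-_]", label):
            return "brand-token"
    # Brand glued to other letters, e.g. 'agenciafbi'. Noisy: it also matches
    # unrelated words, so treat it as low confidence and review by hand.
    if any(BRAND in label for label in labels):
        return "brand-substring"
    return "unrelated"


def triage(hostnames):
    """Map each hostname to its category, dropping official and unrelated ones."""
    results = {h: classify(h) for h in hostnames}
    return {h: c for h, c in results.items() if c not in ("official", "unrelated")}


# The first three names are quoted in the article; the rest are constructed.
SAMPLE = [
    "cyber-crime-fbi.org", "agenciafbi.ga", "fbi.systems",
    "www.fbi.gov", "fbi.gov.example.com", "notfbi.gov",
    "halfbike.example", "example.org",
]

if __name__ == "__main__":
    for name, category in triage(SAMPLE).items():
        print(f"{category:16} {name}")
```

The ‘brand-substring’ category also catches the constructed name ‘halfbike.example’, which shows why substring matches need human review rather than automatic blocking.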
The FBI also issued several simple recommendations, such as keeping operating systems and applications updated to the most current versions, updating anti-virus and anti-malware solutions to their latest versions, regularly conducting network scans, and verifying that the visited website has a Secure Sockets Layer (SSL) certificate.
Spoofing URLs is not exclusive to government agencies, and many companies, especially the bigger ones, face this problem every day. It’s one of many tools in the hacker’s arsenal, and it’s especially effective in phishing campaigns.