FBI: Fake versions of our site could be used for cyberattacks, so watch out

The Federal Bureau of Investigation (FBI) is warning the public to avoid internet domains designed to look similar to its main official website, www.fbi.gov.

The warning concerns dozens of websites that could be used to target people seeking information about the FBI’s activities or news announcements. 

“The FBI observed unattributed cyber actors registering numerous domains spoofing legitimate FBI websites, indicating the potential for future operational activity,” it said in the public service announcement (PSA) on Monday.   

The FBI is concerned that the spoofed FBI-related domains could be used as part of future attacks aimed at stealing credentials or spreading disinformation to the public. 

It urged the public to “critically evaluate the websites they visit, and the messages sent to their personal and business email accounts, to seek out reliable and verifiable FBI information.” 

Hackers and criminals can use spoofed domains and email accounts to: disseminate false information; gather valid usernames, passwords, and email addresses; collect personally identifiable information; and spread malware, leading to further compromises and potential financial losses, the FBI notes. 

While the FBI has not attributed the spoofed FBI domains to any specific country or cyber actors, it has provided dozens of examples of recently registered domains that could be used to trick members of the public. 

“Cyber actors create spoofed domains with slightly altered characteristics of legitimate domains,” the FBI said. 

“A spoofed domain may feature an alternate spelling of a word, or use an alternative top-level domain, such as a “[.]com” version of a legitimate “[.]gov” website. Members of the public could unknowingly visit spoofed domains while seeking information regarding the FBI’s mission, services, or news coverage. Additionally, cyber actors may use seemingly legitimate email accounts to entice the public into clicking on malicious files or links.”
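The two patterns the PSA describes (an alternate spelling, or the same name under a different top-level domain) can be checked mechanically. The sketch below is an added example, not part of the FBI announcement or the original article; the sample hostnames are constructed and use reserved TLDs, and treating the last two labels as the registrable domain is an assumption that holds for fbi.gov but not for multi-label suffixes.

```python
LEGIT = "fbi.gov"  # official domain named in the article


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(host, legit=LEGIT):
    """Label a hostname relative to the legitimate domain."""
    # Accept defanged notation ("[.]") as used in the PSA, plus case/trailing dot.
    host = host.replace("[.]", ".").strip().rstrip(".").lower()
    legit_name, legit_tld = legit.split(".")
    # Exact match or a true subdomain; "notfbi.gov" must not pass this test.
    if host == legit or host.endswith("." + legit):
        return "legitimate"
    labels = host.split(".")
    if len(labels) < 2:
        return "unrelated"
    name, tld = labels[-2], labels[-1]  # assumption: two-label registrable domain
    # Legitimate name used as a prefix of someone else's domain.
    if "." + legit + "." in "." + host + ".":
        return "embedded-legit-name"
    if name == legit_name and tld != legit_tld:
        return "alternate-tld"
    # One-character change, or the name as a hyphen-separated token.
    if edit_distance(name, legit_name) <= 1 or legit_name in name.split("-"):
        return "alternate-spelling"
    return "unrelated"


# Constructed sample hostnames (reserved TLDs), not taken from the FBI's list.
SAMPLES = ["www.fbi.gov", "fbi[.]example", "fbl.example",
           "fbi-tips.example", "fbi.gov.example", "weather.example"]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{h:20} {classify(h)}")
```

A short name such as "fbi" makes the one-edit rule noisy, so in practice the result is a triage signal to review alongside registration date and hosting data, not a verdict.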


Source: Information Technologies - zdnet.com