FBI Issues Warning of Hackers Spoofing Its Internet Domain

Nov 23, 2020 18:15 GMT

The Federal Bureau of Investigation, or the FBI, has issued a warning about a series of spoofed domains that are being used by cybercriminals in an attempt to steal user information.

Spoofed domains typically look like the real ones, with malicious actors relying on a very simple trick: they change one letter, swap the top-level domain, or add extra words that make sense for each target, all in an attempt to trick users into thinking they’re loading the legitimate site.

In most cases, hackers publish content that encourages users to provide information like personal details and credit card numbers.

The FBI says it has already detected a number of spoofed domains, as well as others that no longer resolve, which means they have been suspended (though there’s also a chance they might be reactivated at a later time).

Users who want to visit the FBI’s official site should check the URL in the address bar and make sure it’s www.fbi.gov.

“The Federal Bureau of Investigation (FBI) is issuing this announcement to help the public recognize and avoid spoofed FBI-related Internet domains. The FBI observed unattributed cyber actors registering numerous domains spoofing legitimate FBI websites, indicating the potential for future operational activity,” the FBI says in its warning.

“Spoofed domains and email accounts are leveraged by foreign actors and cybercriminals and can easily be mistaken for legitimate websites or emails. Adversaries can use spoofed domains and email accounts to disseminate false information; gather valid usernames, passwords, and email addresses; collect personally identifiable information; and spread malware, leading to further compromises and potential financial losses.”

Most of the spoofed domains use a .com ending, while others were hosted on .de, .ca, .org, .cn, and even .ninja domains. You can check out the full list of spoofed domains in the box after the jump.

At this point, it’s not yet clear whether the malicious actors have managed to claim any victims with their spoofed domains, but all have already been taken down, though there’s always a chance that others will show up in the future.

“Cyber actors create spoofed domains with slightly altered characteristics of legitimate domains. A spoofed domain may feature an alternate spelling of a word, or use an alternative top-level domain, such as a "[.]com" version of a legitimate "[.]gov" website. Members of the public could unknowingly visit spoofed domains while seeking information regarding the FBI's mission, services, or news coverage. Additionally, cyber actors may use seemingly legitimate email accounts to entice the public into clicking on malicious files or links,” the FBI emphasizes.

Needless to say, everybody loading the FBI website should double-check the URL and make sure they share no sensitive information on these pages.

The FBI warns that in many cases, the spoofed domains are sent to potential targets via email, and the easiest way to avoid any potential scam is to delete messages coming from unknown individuals.

“Do not enable macros on documents downloaded from an email unless absolutely necessary, and after ensuring the file is not malicious. Do not open emails or attachments from unknown individuals. Do not communicate with unsolicited email senders. Never provide personal information of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate,” the FBI says in a series of recommendations.

IT pros can employ more advanced security measures, such as setting up domain whitelisting, thus allowing users to load only websites that are known to be safe. Blocking access to the spoofed domains that authorities and security companies come across regularly also helps make sure users don’t end up loading a dangerous website.
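As an added illustration (not code from the FBI advisory or from this article), the following Python example shows how a filter could combine the allowlist idea with a check for the three tricks described above: an altered spelling, a swapped top-level domain, and added words. The function names, category labels and sample hostnames are assumptions made for this example; the samples are constructed on reserved test domains and are not taken from the FBI's list.

```python
# Added example (not from the FBI advisory): triage hostnames against one
# legitimate domain using the three tricks the article describes.
LEGIT = "fbi.gov"  # registrable domain of www.fbi.gov, the official site


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host: str, legit: str = LEGIT) -> str:
    host = host.strip().rstrip(".").lower()
    # Allowlist match: exact, or a subdomain on a label boundary. The leading
    # dot matters: a bare endswith(legit) would also accept "notfbi.gov".
    if host == legit or host.endswith("." + legit):
        return "legitimate"
    name = legit.split(".")[0]  # "fbi"
    labels = host.split(".")
    # Assumption: the label before the last one is the registered name. Real
    # tooling should use the Public Suffix List (e.g. for "co.uk").
    registered = labels[-2] if len(labels) >= 2 else labels[0]
    if registered == name:
        return "tld-swap"          # same name, different top-level domain
    if edit_distance(registered, name) == 1:
        return "altered-spelling"  # one letter changed, added or dropped
    if name in registered or name in labels[:-2]:
        return "added-words"       # brand plus extra words, or as a subdomain
    return "unrelated"


# Constructed hostnames on reserved TLDs; none come from the FBI's list.
SAMPLES = ["www.fbi.gov", "fbi.example", "fbj.example",
           "fbi-jobs.example", "fbi.gov.login.test", "weather.example"]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{h:22} {classify(h)}")
```

With a name as short as "fbi", the one-letter and substring checks will also flag unrelated hostnames, so the output is a triage signal for review rather than a block decision; only the "legitimate" result is suitable for enforcing an allowlist.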

The FBI Spoofed Domains