Email and domain spoofing is a popular practice by cybercriminals to fool recipients to deploy various phishing and malware campaigns. Recently, the FBI has issued a warning about attackers attempting to impersonate the U.S. Census Bureau for phishing and credential theft attacks.
The FBI said that some entities were seen registering new domains that are likely to be used for malicious purposes.
- The lookalike domains (aka typosquatting) mimic the legitimate domains, with some characters or spelling altered. For example, the legitimate domain is 'censusburea[.]com', while one of the spoofed domains is ‘uscensusburea[.]co’.
- So far, these domains were not observed to be used in any attack. However, they can be used for their future malicious campaigns, such as spreading or operating malware, or financially motivated campaigns targeting individuals and businesses.
How does it work?
These attacks usually take advantage of fear, chaos, or hot topics to lure recipients. Spoofed domains mimic legitimate domains, while spoofed emails appear to be sent from a legitimate organization, which can not be recognized easily.
In the last two months, several malware campaigns were used for spam and domain spoofing to deliver their malware. Recently, Emotet botnet had used spam emails, with spoofed identities, laden with boobytrapped documents.
- In one of the attacks, cybercriminals sent spam emails claimed to come from the U.S. Election Assistance Commission. The email had a link redirecting users to a web page that spoofed ServiceArizona.
- Last month, cyber attackers used lures to send spam email leveraging misunderstandings regarding GDPR compliance to steal email login credentials from recipients.
- The same month, a multi-layered email attack purported to come from the Texas Department of State Health Services. The email attack spoofed to be sent from dshs[.]texas[.]gov.
While hackers won’t run out of ideas to exploit users, experts suggest providing training to employees and test them with simulated phishing emails with topical lures. Furthermore, users should avoid clicking on unsolicited links and entering sensitive data into unauthorized login pages.