By using an organization’s brand value and reputation, a cybercriminal can target an organization’s most valuable resources in domain spoofing attacks. Recently, the FBI has alerted—through the Internet Crime Complaint Center (IC3)—regarding possible malicious use of spoofed domains by cybercriminals.
What’s the alert?
The FBI has issued a Public Service Announcement asking the general public to be vigilant and recognize spoofed FBI-related internet domains.
- According to the FBI, unknown cyber actors have registered numerous domains spoofing legitimate FBI websites.
- The FBI has published a list of these lookalike domains that include us-fbigov[.]com, fbiigovv[.]com, us-fbigov[.]com, fbiusagov[.]online, fbiusagov[.]com, and fbiusgov[.]com, among others.
- These lookalike domains can be used to harvest the targets' credentials and financial information, to spread malware, and propagate false information.
Recent actions against domain spoofing
- In October, the FBI issued a flash alert to warn of the potential use of spoofed US Census Bureau domains, likely created for malicious purposes (phishing and credential theft).
- In the same month, the U.S. law enforcement had seized 92 domains masked as legitimate news outlets by Iran's Islamic Revolutionary Guard Corps.
Actions on illegal registration attempts
The U.S. government has mandated the use of notarized signatures on the authorization letter required by the U.S. General Services Administration as part of the registration process for .gov domains to block attempts by unauthorized organizations.
The general public should critically evaluate the websites they visit to ensure their safety. Regular network scans and updated anti-malware and web security software can help users avoid such malicious domains.