The FBI is warning users to be vigilant about fraudulent websites impersonating FBI-related domain names. In a security release, the FBI stated that it identified cybercriminals registering various lookalike domains to misguide users seeking information about the FBI’s mission, services, and news.
Cybercriminals create spoofed domains by changing characteristics of original domains slightly, like altering the spelling of a word or changing a domain from legitimate [.]gov version to [.]com. Besides fake domains, attackers also use malicious lookalike emails to lure users into clicking on malicious email attachments or links. The FBI urged users to evaluate the websites they visit, and crosscheck the messages received to their personal and business email account.
Find the Fake
The FBI recommended certain security precautions to identify fake websites and links. These include:
- Verify the spelling of web addresses, websites, and email addresses that look trustworthy but may be imitations of legitimate election websites.
- Ensure operating systems and applications are updated to the most current versions.
- Update anti-malware and anti-virus software and conduct regular network scans.
- Do not enable macros on documents downloaded from an email unless necessary, and after ensuring the file is not malicious.
- Do not open emails or attachments from unknown individuals. Do not communicate with unsolicited email senders.
- Never provide personal information of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate.
- Use strong two-factor authentication if possible, using biometrics, hardware tokens, or authentication apps.
- Use domain whitelisting to allow outgoing network traffic to websites that are deemed safe.
- Disable or remove unneeded software applications.
- Verify that the website you visit has a Secure Sockets Layer (SSL) certificate.
“Spoofed domains and email accounts are leveraged by foreign actors and cybercriminals and can easily be mistaken for legitimate websites or emails. Adversaries can use spoofed domains and email accounts to disseminate false information; gather valid usernames, passwords, and email addresses; collect personally identifiable information; and spread malware, leading to further compromises and potential financial losses,” the FBI said.