FBI says fake emails about sophisticated attack are part of an ‘ongoing situation’

On Saturday, the FBI said it was aware of reports that unauthorized emails were being sent from a legitimate FBI email address. The messages were being sent to thousands of organizations about a possible cyber threat.

According to the FBI, the emails are part of an “ongoing situation” and started coming from an FBI address early on Saturday. The messages have reached at least 100,000 inboxes, as reported by the Spamhaus Project, which is a Europe-based nonprofit that tracks digital threats.

One of the fake emails sent from the address claimed to be a warning from the Department of Homeland Security that the recipient was allegedly the target of a “sophisticated” attack. The actual DHS Cybersecurity and Infrastructure Security Agency (CISA) says no such warning was made. 

“The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account,” the FBI noted in a statement. “This is an ongoing situation and we are not able to provide any information at this time. The impacted hardware was taken offline quickly upon discovery of the issue. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to www.ic3.gov or www.cisa.gov.”

The FBI did not comment on how the emails were sent out, and it is still unknown which types of organizations received the email. Cybersecurity analysts are concerned that the fake emails might send organizations into a frenzy to confront a false threat. That could mean resources are diverted from where they are needed against true hacking threats.

Austin Berglas, former head of the FBI New York Cyber Branch said that taking over an email account instead of faking the account can be more effective in trapping victims. “When someone sees an email from a legitimate FBI account, they’re going to stand up and pay attention, right?” he said. Scammers have impersonated law enforcement in the past, but generally, those incidents have not involved real FBI email addresses.




Leave a Reply