Hoax Email Blast Abused Poor Coding in FBI Website

Nov 16, 2021 7:38:18 AM | FBI Hoax Email Blast Abused Poor Coding in FBI Website

The Federal Bureau of Investigation (FBI) confirmed that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.

This is another reminder that all organizations, even the FBI, are susceptible to breaches...

It is all over the security news. Even CNN on Sunday released an article with the headline, "Fake FBI emails about a sophisticated attack are part of 'ongoing situation,' agency says". According to CNN via the Spamhaus Project, "at least 100,000 inboxes" have been hit with ominous looking emails trying to elicit an unknown response. At first glance it looks like a character assassination against a "threat actor" named in the email. For the rest of us it should be a (crazy) reminder that Tis the Season for online scams. It is also a great reminder that none of us are outside the reach of real threat actors.

Check out the detailed discussion on Brian Krebs blog here.

The photo above is a screenshot from the FBI’s email system provided by Spamhaus.org.

Nov 16, 2021 7:38:18 AM | FBI Hoax Email Blast Abused Poor Coding in FBI Website

Written By: Kate Drankoff

Nov 16, 2021 7:38:18 AM | FBI Hoax Email Blast Abused Poor Coding in FBI Website

Share

Written By: Kate Drankoff

You May Also Like

May 25, 2021 10:17:19 AM | security Verizon 2021 Data Breach Investigations Report (DBIR) Highlights

Nov 2, 2023 10:00:00 AM | Managed Services IT Budgeting - Best Practices for your IT Budget

Mar 12, 2024 11:00:00 AM | You Know You Need to Prioritize Cyber Security - What's Next?