FBI: hacked to issue false alerts

The FBI is, globally, one of the main public bodies that warn about cyber threats. To this end, in addition to having specialists in the field, it also collects data from other sources of information, which widens its reach. Paying attention to its cybersecurity publications is therefore a highly recommended habit, not only for professionals in the sector but also for private users who may be affected, directly or indirectly, by these risks.

For many people, then, an alert message from the FBI is something to take very seriously, so impersonation is relatively common, with many phishing campaigns built around imitating the US bureau. However, analysis usually reveals quickly that they are not real. As a general rule, it is enough to check the sender's email address, the mail server and its IP address to identify the message as phishing.

The surprise came a few hours ago, when an alleged message issued by the FBI began to spread on a massive scale. It warned about a «sophisticated chain attack» from a known and dangerous threat actor, identified as Vinny Troia. That is somewhat strange, since Vinny Troia is not a cybercriminal: he is the head of security research for the dark web intelligence companies NightLion and Shadowbyte.

The surprise came when reviewing the message's metadata: the emails originate from FBI servers, as the message headers show that their origin is verified by the DomainKeys Identified Mail (DKIM) mechanism. In other words, whoever sent the alert, which is obviously false, obtained access to the FBI’s email servers and used them to issue a false alert containing an unfounded accusation against a professional in the cybersecurity sector.
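The header check described above, as an added example that is not part of the original article: it reads only the Authentication-Results header stamped by the recipient's own mail server, tests whether a passing DKIM signature aligns with the From domain, and extracts the connecting IP address. The domains, IP addresses and both sample messages are constructed placeholders, and the alignment test is a simplified one; a pass, as in the case reported here, shows only that the mail left the domain's infrastructure, not that its content is true.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.recipient.example"  # assumption: our own receiving MTA

# Constructed sample: mail really sent through the claimed domain's servers.
ABUSED = """\
Received: from mail.agency.example (mail.agency.example [192.0.2.10]) by mx.recipient.example
Authentication-Results: mx.recipient.example; dkim=pass header.d=agency.example; spf=pass smtp.mailfrom=agency.example
From: Alerts <alerts@agency.example>
Subject: Urgent: threat actor in systems

body
"""

# Constructed sample: ordinary spoof carrying a forged Authentication-Results header.
LOOKALIKE = """\
Received: from host.bulkmailer.example (host.bulkmailer.example [203.0.113.7]) by mx.recipient.example
Authentication-Results: mx.recipient.example; dkim=pass header.d=bulkmailer.example; spf=fail smtp.mailfrom=bulkmailer.example
Authentication-Results: mx.agency.example; dkim=pass header.d=agency.example; spf=pass
From: Alerts <alerts@agency.example>
Subject: Urgent: threat actor in systems

body
"""

def triage(raw, trusted=TRUSTED_AUTHSERV):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    dkim_pass, spf = set(), None
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, results = ar.partition(";")
        if authserv.strip().lower() != trusted:
            continue  # not stamped by our MTA, so the sender may have inserted it
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", results):
            dkim_pass.add(m.group(1).lower())
        m = re.search(r"spf=(\w+)", results)
        spf = m.group(1) if m else spf
    # The topmost Received header is written by our MTA and records the peer IP.
    received = msg.get_all("Received", [])
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0]) if received else None
    # Simplified alignment: From domain equals, or is a subdomain of, a signing domain.
    aligned = any(from_domain == d or from_domain.endswith("." + d) for d in dkim_pass)
    return {"from_domain": from_domain, "dkim_aligned": aligned,
            "spf": spf, "peer_ip": m.group(1) if m else None}

if __name__ == "__main__":
    for name, raw in (("abused infrastructure", ABUSED), ("lookalike spoof", LOOKALIKE)):
        print(name, triage(raw))
```

Both samples show the same From address; only the first aligns, which is why the content of an authenticated message still has to be judged separately.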

Asked by Bleeping Computer about this attack, Troia pointed to a person or group using the nickname pompompurin as likely responsible for the intrusion and the attempted defamation: «Previously [pompompurin] they hacked into the blog on the website of the national center for missing children and posted some information about me as a pedophile».

The FBI confirmed that the content of the emails is false and that they were working to resolve the issue, as their help desk is flooded with calls from concerned administrators. In a statement, the FBI said they could not share more information as it was an ongoing situation:

«The FBI and CISA are aware of this morning’s incident involving fake emails from an @ email account. This is an ongoing situation and we are unable to provide any additional information at this time. We continue to encourage the public to beware of unknown senders and urge you to report any suspicious activity.»

