Be Vigilant for Fraudulent Emails – Even if They’re From the FBI

The FBI has reported that an email system was compromised and used to send out thousands of fraudulent emails about a fake cybercrime investigation to over 100,000 inboxes.

Specifically, on Nov. 13, (updated on Nov. 14), the FBI issued a press release on this attack:

“The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails. LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners. While the illegitimate email originated from an FBI-operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service. No actor was able to access or compromise any data or PII on the FBI’s network. Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.”

This incident is a form of Business Email Compromise (BEC), a growing cybercrime epidemic, with staggering losses to businesses and organizations of all sizes. BEC is a scheme in which an attacker uses fraudulent email to impersonate an executive, business contact, or another person to get a transfer of funds, money, or sensitive information. When BEC involves the takeover of a legitimate email account, like the FBI, it is called Email Account Compromise (EAC). EAC is dangerous because fraudulent emails may be sent from legitimate accounts.

It is important for businesses and organizations of all kinds and sizes to address potential incidents like this in their cybersecurity programs, by implementing policies and procedures to protect against them, conducting ongoing security awareness training, including reminders, implementing security technology, and developing and implementing incident response plans. A high-profile example like this provides a great learning opportunity to alert users that constant vigilance is necessary because even the FBI can be compromised.

For more on BEC, see our recent alert last month on Business Email Compromise.

If you have questions about the content of this alert, please contact David Ries (dries@clarkhill.com; 412.394.7787), Melissa Ventrone (mventrone@clarkhill.com; 312.360.2506), or another member of Clark Hill’s Cybersecurity, Data Protection, and Privacy Group.