Be Vigilant for Fraudulent Emails – Even if They’re From the FBI
Specifically, on Nov. 13 (updated on Nov. 14), the FBI issued a press release on this attack:
“The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails. LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners. While the illegitimate email originated from an FBI-operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service. No actor was able to access or compromise any data or PII on the FBI’s network. Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.”
This incident is a form of Business Email Compromise (BEC), a growing cybercrime epidemic with staggering losses to businesses and organizations of all sizes. BEC is a scheme in which an attacker uses fraudulent email to impersonate an executive, business contact, or another person to obtain a transfer of funds, money, or sensitive information. When BEC involves the takeover of a legitimate email account, like the FBI's, it is called Email Account Compromise (EAC). EAC is dangerous because fraudulent emails may be sent from legitimate accounts.
It is important for businesses and organizations of all kinds and sizes to address potential incidents like this in their cybersecurity programs by implementing policies and procedures to protect against them, conducting ongoing security awareness training (including reminders), implementing security technology, and developing and implementing incident response plans. A high-profile example like this provides a great learning opportunity to alert users that constant vigilance is necessary because even the FBI can be compromised.
For more on BEC, see our alert last month on Business Email Compromise.
If you have questions about the content of this alert, please contact David Ries (firstname.lastname@example.org; 412.394.7787), Melissa Ventrone (email@example.com; 312.360.2506), or another member of Clark Hill’s Cybersecurity, Data Protection, and Privacy Group.