The Federal Bureau of Investigation (FBI) has released a list of what it refers to as “spoofed FBI domains” that are posing cyber and disinformation risks.
Says the FBI announcement:
Spoofed domains and email accounts are leveraged by foreign actors and cybercriminals and can easily be mistaken for legitimate websites or emails. Adversaries can use spoofed domains and email accounts to disseminate false information; gather valid usernames, passwords, and email addresses; collect personally identifiable information; and spread malware, leading to further compromises and potential financial losses
The list contains several such samples, including at least one domain that is basically a three letter acronym for sale: FBI.ca.
The announcement is meant to educate people about the pitfalls of trusting “FBI” domains other than the true one, at FBI.gov. Here are some recommendations by the FBI:
- Verify the spelling of web addresses, websites, and email addresses that look trustworthy but may be imitations of legitimate election websites.
- Ensure operating systems and applications are updated to the most current versions.
- Update anti-malware and anti-virus software and conduct regular network scans.
- Do not enable macros on documents downloaded from an email unless absolutely necessary, and after ensuring the file is not malicious.
- Do not open emails or attachments from unknown individuals. Do not communicate with unsolicited email senders.
- Never provide personal information of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate.
- Use strong two-factor authentication if possible, using biometrics, hardware tokens, or authentication apps.
- Use domain whitelisting to allow outgoing network traffic to websites that are deemed safe.
- Disable or remove unneeded software applications
- Verify that the website you visit has a Secure Sockets Layer (SSL) certificate.
Here’s the domain list:
agenciafbi.ga
authefbi.ga
cyber-crime-fbi.org
fbi-augustyn.pl
fbi-bau.de
fbi-belote.com
fbi-biz.com
fbi-c-d.com.co
fbi-c.com.co
fbi-cd.com.co
fbi-fraud.com
fbi-gov.network
fbi-intel.com
fbi-news.com
fbi-ny.com
fbi-official.com
fbi-pay.com
fbi-police.com
fbi-unit.net
fbi-usa.us
fbi.ca
fbi.camera
fbi.cash
fbi.com.jo
fbi.health
fbi.studio
fbi.systems
fbi0.com
fbi058.com
fbi2.com
fbi2000.com
fbi3262.live
fbi7.cn
fbi9.com
fbi9.me
fbi99.cn
fbiagent.online
fbiaustralia.com
fbibau.de
fbibau.us
fbiboston.com.jo
fbicyberdivision.com
fbidefense.com
fbienglish.com
fbifraud.primebnkonline.com
fbifrauddepartment.org
fbigiftshop.shop
fbiglobalgp.com
fbigov.art
fbigrantinvestigation.com
fbihelp.org
fbiigovv.com
fbiinspectionunit.com
fbikids.com
fbilibrary.ml
fbimaryland.org
fbimaxwell.com
fbimostwanted.info
fbinews.ga
fbinews.online
fbinigeria.org
fbioffice.ml
fbiofficial.online
fbione.com
fbiopenthedoor.icu
fbiorganisation.online
fbiorganization.club
fbipedophilerings.com
fbiphoto.com
fbipublicidad.com
fbireport.us
fbireserveco.biz
fbispassport.gq
fbiurl.com
fbiusa.net
fbiusagov.com
fbiusagov.online
fbiusgov.com
fbiwarning.club
hdqkfbi.cn
ic-fbi.org
infofbi-unit.com
johnsonfbi.com
legalienfbi.com
plapper-fbi.com
powerfulfbi.ninja
us-fbigov.com
virtualfbi.com
x-alienfbi.com
xalienfbi.com