Fake FBI emails about a sophisticated attack are part of ‘ongoing situation,’ agency says

By Sean Lyngaas

The FBI on Saturday said it was aware of reports that unauthorized emails were coming from a legitimate FBI email address to thousands of organizations about a purported cyber threat.

The emails — which according to the agency are part of an “ongoing situation” — started coming from an FBI address early Saturday and have hit at least 100,000 inboxes, according to the Spamhaus Project, a Europe-based nonprofit that tracks digital threats.

One of the fake emails sent from the FBI address, which CNN reviewed, claimed to be a warning from the Department of Homeland Security that the recipient was the target of a “sophisticated” attack. But the actual DHS Cybersecurity and Infrastructure Security Agency (CISA) made no such warning.

“The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account,” the FBI said in a statement. “This is an ongoing situation and we are not able to provide any additional information at this time. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to www.ic3.gov or www.cisa.gov.”

It is unclear how access to the infrastructure needed to send an email from an FBI email address was obtained. But cybersecurity analysts are concerned that the fake alert could send organizations into a scramble to address a phantom threat. That might entail diverting resources from where they are needed against actual hacking threats.

The incident also cuts against the work of the FBI and DHS to build trust with non-government organizations and share actionable cyber threat data.

The-CNN-Wire
™ & © 2021 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.