However, what happens when you receive an email that not only sounds legit, but is also sent from a legitimate email address used by law enforcement agencies like the FBI? What do you do then? That was what happened recently when the FBI’s email system was compromised and was used to send thousands of emails to users warning them of a cyberattack.
This was first discovered by the Spamhaus Project and reported by Bleeping Computer. The emails warned recipients of a “sophisticated chain attack” by Vinny Troia, the head of security research of dark web intelligence companies NightLion and Shadowbyte. Apart from the warning, however, the emails did not require any action from recipients other than asking them to check their systems and IDS monitoring.
It has been estimated that these fake emails might have reached as many as 100,000 mailboxes, if not more. The FBI has since confirmed in a statement to Bleeping Computer that it is aware of the situation, saying, “The FBI and CISA are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account. This is an ongoing situation and we are not able to provide any additional information at this time.”
Troia himself has also since come forward. In a tweet, he hinted at who could be behind this attack and suggested that this was not the first time that person had tried to damage his reputation.