AN IMPORTANT EMAIL WARNING
ON NOVEMBER 13TH, 2021 THE FBI ISSUES THIS STATEMENT
FBI Statement on Incident Involving Fake Emails – Original statement:
The FBI and CISACybersecurity and Infrastructure Security Agency The Cybersecurity and Infrastructure Security Agency (CISA) is a standalone United States federal agency, an operational component under Department of Homeland Security (DHS) oversight. Its activities are a continuation of the National Protection and Programs Directorate (NPPD). CISA was established on November 16, 2018 when President Donald Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. are aware of the incident this morning involving fake emails from an @ic.fbi.gov email account. This is an ongoing situation, and we are not able to provide any additional information at this time. The impacted hardware was taken offline quickly upon discovery of the issue. We continue to encourage the public to be cautious of unknown senders and urge you to report suspicious activity to ic3.gov or cisa.gov.
ON NOVEMBER 14TH, 2021 THE FBI ISSUES THIS UPDATE:
The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails. LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners. While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service. No actor was able to access or compromise any data or PII on the FBI’s network. Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks.
THE STORY CONTINUES:
HackerHacker A computer hacker is a computer expert who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means. Though the term hacker has become associated in popular culture with a security hacker – someone who utilizes their technical know-how of bugs or exploits to break into computer systems and access data which would otherwise be unavailable to them – hacking can also be utilized by legitimate figures in legal situations. For example, law enforcement agencies sometimes use hacking techniques in order to collect evidence on criminals and other malicious actors. This could include using anonymity tools (such as a VPN, or the dark web) to mask their identities online, posing as criminals themselves. Likewise, covert world agencies can employ hacking techniques in the legal conduct of their work. Oppositely, hacking and cyber-attacks are used extra- and illegally by law enforcement and security agencies (conducting warrantless activities), and employed by State actors as a weapon of both legal and illegal warfare. sends spam to 100,000 from FBI email address – The FBI and Cybersecurity and Infrastructure Security AgencyCybersecurity and Infrastructure Security Agency The Cybersecurity and Infrastructure Security Agency (CISA) is a standalone United States federal agency, an operational component under Department of Homeland Security (DHS) oversight. Its activities are a continuation of the National Protection and Programs Directorate (NPPD). CISA was established on November 16, 2018 when President Donald Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. said they were aware of the fake emails sent from the FBI account, but declined to share more information.
From NBC NEWS:
By Kevin Collier, NBC News
An apparently malicious hacker sent spam emails from an FBI email server Friday night to at least 100,000 people, an email spam watchdog group has found.
The person’s motives are unknown. The email message was a bizarre, technically incoherent warning that made reference to cybersecurity writer Vinny Troia as well as a cybercriminal group called The Dark Overlord. Troia’s company, Night Lion Security, published research on The Dark Overlord in January.
The hacker signed off as the U.S. Department of Homeland SecurityDepartment of Homeland Security The United States Department of Homeland Security (DHS) is the U.S. federal executive department (under the President) responsible for public security, roughly comparable to the interior or home ministries of other countries. Its stated missions involve anti-terrorism, border security, immigration and customs, cybersecurity, and disaster prevention and management.’s Cyber Threat Detection and Analysis Group, which hasn’t existed for at least two years.
The FBI routinely warns American companies of cyber threats targeting particular industries, or when they learn of malicious hackers trying an effective new technique. This is believed to be the first known case of a seemingly malicious actor gaining access to one of those systems to send spam to a large number of people.
The incident comes on the heels of a number of high-profile breaches of U.S. government networks in recent months, including a Russia-based attack that compromised at least nine federal agencies, and a Chinese-based hacking campaign so severe that the Cybersecurity and Infrastructure Security Agency had to issue a rare mandate for all government agencies to immediately update their software.
While it’s common for scammers to make it appear that they’re sending an email from someone else’s address, the emails’ metadata made it clear that they were sent from an FBI server, said Alex Grosjean, a researcher at the Spamhaus Project, a European nonprofit that monitors email spam.
The recipients of the emails appear to be the publicly listed administrators of websites listed on the American Registry for Internet Numbers, Grosjean said.
In an updated statement on Sunday, an FBI spokesperson said the hacker had found and exploited a flaw in how an agency messaging system is configured, and that they weren’t able to access FBI files.
“The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails. LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners,” the emailed statement said.
“No actor was able to access or compromise any data or PII [personally identifiable information] on FBI’s network,” it said.
ADVISORY
While we all believe that this event is now over, it raises significant concerns, especially about what the FBI is not telling us!
If you or anyone you know received any emails from the FBI (FBI.gov) DO NOT CLICK on any links or respond to any actions. Call the FBI about any emails or notices to confirm their authenticity!
Essential Tools For Every ScamScam A Scam is a confidence trick - a crime - is an attempt to defraud a person or group after first gaining their trust through deception. Scams or confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, irresponsibility, or greed and exploiting that. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators ('con men' - criminals) at the expense of their victims (the 'marks')". A scam is a crime even if no money was lost. Victim From SCARS Publishing
Visit shop.AgainstScams.org
Each is based on our SCARS Team’s 31 plus years of experience.
SCARS Website Visitors get an Extra 10% Discount
Use Discount Code “romanacescamsnow” at Checkout
100% of all profit goes to help SCARS help more scam victims worldwide.
Your generous purchase allows us to maintain our scam avoidance, support, and recovery services. Please help SCARS and stand proud.
Your Feedback!
Please share your feedback below. Hearing from victims helps us refine our knowledge about scammer’s processes and methods, and then be able to better share factual authoritative information with victims worldwide. Please scroll down and share your thoughts and comments. What you think and experienced matters.
Please Share:
Please share our articles and knowledge with your friends & family. This is important!
Help others stay safe online – your knowledge can make the difference for both those being groomed and victims! The next victim might be your own family member or best friend!
By the SCARS™ Editorial Team
Society of Citizens Against Relationship ScamsSCARS SCARS - Society of Citizens Against Relationship Scams Inc.
A government registered crime victims' assistance & crime prevention nonprofit organization based in Miami, Florida, U.S.A. SCARS supports the victims of scams worldwide and through its partners in more than 60 countries around the world. Incorporated in 2015, its team has 30 years of continuous experience educating and supporting scam victims.
Visit www.AgainstScams.org to learn more about SCARS. Inc.
A Worldwide Crime Victims Assistance & Crime Prevention Nonprofit Organization Headquartered In Miami Florida USA & Monterrey NL Mexico, with Partners In More Than 60 Countries
To Learn More, Volunteer, or Donate Visit: www.AgainstScams.org
Contact Us: Contact@AgainstScams.org
Leave A Comment