Secplicity – Security Simplified

Imposter! New Phishing Scam Goes Undercover as the FBI to Steal PII

Cybercriminals impersonated part of the Federal Bureau of Investigation (FBI) in a recent phishing scam in which they distributed malware-laced documents disguised to look like legitimate messages from the Internet Crime Complaint Center (IC3). The IC3, a division of the FBI, functions as a trusted entity for the public to report suspected malicious and illegal activity encountered online – making the fraudulent emails prime for stealing personal identifiable information (PII).

Here’s an excerpt from a Dark Reading report explaining how these internet imposters aimed to dupe their unsuspecting targets:

“The unknown threat actors emailed targets requesting information so they could be paid restitution. To make their messages seem legitimate, they added hyperlinks of news articles reporting on the arrest of Internet fraudsters. Targets received text documents, which contained malware, to download, fill out, and return to the attackers.”

But that’s not the only undercover operation these scammers are running. In addition to the messages described above – a social media page impersonating IC3 has been caught soliciting personal information from users, and at least two other fraudulent email campaigns disguised as ICR correspondence have been reported for requesting PII and other sensitive, confidential data.

For more details, check out the full article on Dark Reading. And keep an eye on Secplicity for the latest information about phishing scams to watch out for, and solutions to dramatically cut down the number of phishing and spam emails trying to breach your inbox.