December 09, 2021

Be Vigilant for Fraudulent Emails - Even if They're From the FBI

You've Reached Your
Free Article Limit This Month
Subscribe now to get unlimited access to all OnPractice content. Your subscription is free.
Subscribe Now

The FBI has reported that an email system was compromised and used to send out thousands of fraudulent emails about a fake cybercrime investigation to over 100,000 inboxes.

Specifically, on Nov. 13, (updated on Nov. 14), the FBI issued a press release on this attack:

"The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails. LEEP is FBI IT infrastructure used to communicate with our state and local law enforcement partners. While the illegitimate email originated from an FBI-operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI's corporate email service. No actor was able to access or compromise any data or PII on the FBI's network. Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks."

This incident is a form of Business Email Compromise (BEC), a growing cybercrime epidemic, with staggering losses to businesses and organizations of all sizes. BEC is a scheme in which an attacker uses fraudulent email to impersonate an executive, business contact, or another person to get a transfer of funds, money, or sensitive information. When BEC involves the takeover of a legitimate email account, like the FBI, it is called Email Account Compromise (EAC). EAC is dangerous because fraudulent emails may be sent from legitimate accounts.

It is important for businesses and organizations of all kinds and sizes to address potential incidents like this in their cybersecurity programs, by implementing policies and procedures to protect against them, conducting ongoing security awareness training, including reminders, implementing security technology, and developing and implementing incident response plans. A high-profile example like this provides a great learning opportunity to alert users that constant vigilance is necessary because even the FBI can be compromised.

For more on BEC, see our recent alert last month on Business Email Compromise.

If you have questions about the content of this alert, please contact David Ries ([email protected]; 412.394.7787), Melissa Ventrone ([email protected]; 312.360.2506), or another member of Clark Hill's Cybersecurity, Data Protection, and Privacy Group.

ALM expressly disclaims any express or implied warranty regarding the OnPractice Content, including any implied warranty that the OnPractice Content is accurate, has been corrected or is otherwise free from errors.

More From Clark Hill, PLC

What the California Environmental Quality Act Means for Cannabis Operators in the Golden State

By Steven L. Hoch Clark Hill, PLC March 22 , 2022

Cannabis is big business in California.

EPA Proposes Updates to the Hazardous Air Pollutant Copper Smelting Rules

By Danielle M. Hazeltine Clark Hill, PLC March 22 , 2022

On Jan. 11, EPA proposed more stringent National Emissions Standards for Hazardous Air Pollutants (NESHAPs) that apply to both major and area source primary copper smelters.

Investing in State Law Compliant Cannabis Businesses: Part 2 - Diving Deeper

By Sander C. Zagzebski Clark Hill, PLC March 21 , 2022

In Part 1 of this two-part series, we addressed the high-level concerns that a new investor should consider in making an investment in a state legal cannabis company. In this follow up, we address some of the more nuanced issues that investors should consider before deciding to invest in a specific cannabis company.

More From Cybersecurity

Fifth Circuit Decision Could Undermine Constitutionality of HHS Civil Money Penalty Laws

By Robert P. Charrow Greenberg Traurig May 20 , 2022

On May 18, 2022, the U.S. Court of Appeals for the Fifth Circuit issued its decision in Jarkesy v. Securities and Exchange Comm’n, in which it examined the constitutionality of an agency civil money penalty enforcement proceeding.

UPDATE: FEC Candidate Loan Repayment Limitation Ruled Unconstitutional in Supreme Court Decision

By Katherine N. Reynolds Dickinson Wright PLLC May 18 , 2022

On May 16, 2022, the United States Supreme Court ruled that limiting the repayment of candidate loans to their own campaign to $250,000 (codified under 52 U.S.C. § 30116(j)) is unconstitutional. The Plaintiffs, Ted Cruz for Senate and Senator Ted Cruz, filed suit against the Federal Election Commission (“FEC”), stating that the repayment limitation unconstitutionally infringes the First Amendment rights of the Senator, the Campaign, and any individuals who might seek to make post-election contributions.

Modernization of Manufacturers: Safety and Cybersecurity Issues

By Jason C. Gavejian Jackson Lewis P.C. May 11 , 2022

Like many other industries, manufacturing has been hit hard with labor shortages. As of April 2022, U.S. factory activity reportedly is at its slowest pace in more than 18 months. Consequently, many factories seek more agility from artificial intelligence and other automated processes to better manage disruptions and uncertainty. With these modernizations comes the threat of potential safety and health hazards and cyber threats.

Featured Stories