Security News > 2021 > November > Fake emails exploited FBI email service to warn of phony cyberattacks
On Saturday, spam tracker Spamhaus tweeted that it had learned of "Scary" emails being sent purportedly from the FBI and Department of Homeland Security.
Though the emails were sent from a portal owned by the FBI and DHS, Spamhaus said that the messages themselves were fake.
In its own message released on Saturday, the FBI and the Cybersecurity and Infrastructure Security Agency said they were aware of the incident with fake emails sent from an ic.
In a follow-up message sent out on Sunday, the agency said that a software misconfiguration temporarily let someone access the Law Enforcement Enterprise Portal to send phony emails.
"While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI's corporate email service," the agency said.
"The latest security incident resulting from fake emails being sent from the Law Enforcement Enterprise Portal is a reminder that cybercriminals will look for techniques to deliver malicious content under the disguise of legitimate services," said Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify.