FBI sounds alarm over malware-laden phishing email making the rounds

Phishing remains the greatest threat to online services, even though it”s one of the oldest tricks in the book. A warning by the FBI suggests phishing scams will continue to make headlines in 2018, as bad actors go as far as to impersonate the FBI cybercrime division, sending out malware-laced emails in its name.

In a public service announcement, the bureau says it has received complaints about an apparent phishing scam involving its Internet Crime Complaint Center (IC3). An investigation into these claims made over the past seven months revealed they were true.

In typical fashion, the email templates (three, by the FBI”s last count) attempt to persuade victims to supply sensitive personal information that the attackers can then use to access their finances. If all else fails, the email relies on a plan B of-sorts to infect the victim”s computer with malware.

“Cyber actors are scamming victims into providing personal information and downloading malicious files by impersonating the Internet Crime Complaint Center (IC3),” reads the note.

“In a recent scam, the unknown actors emailed victims requesting the recipients provide additional information in order to be paid restitution. In an attempt to make the emails appear legitimate, the scammers included hyperlinks of news articles which detailed the arrest or apprehension of an internet fraudster. The unknown actors also attached a text document (.txt) to download, complete, and return to the perpetrators. The text file contained malware which was designed to further victimize the recipient.”

The intelligence agency posts three examples of email templates that the attackers are using, with one bearing telltale signs of a typical phishing scam.

The clues – ranging from crippled English and sloppy punctuation to overemphatic arguments and an overall juvenile narrative – are striking enough to prompt even the untrained user to think twice before handing over personal information.

The bureau advises anyone who believes they may be a victim of an online scam to file a complaint with the IC3 at www.ic3.gov.

In a joint cybersecurity study last year, Google and the University of California revealed phishing was the greatest threat to account-based online services.

More recently, data compiled by experts in email analytics showed that online retailers are exposing their customers to huge risks by maintaining weak email validation systems. Specifically, 87.6 percent of root domains operated by top e-retailers in the U.S. and E.U. are putting their consumers at risk of having their data stolen through phishing attacks, the research found.