The Federal Bureau of Investigation (FBI) has issued a flash alert to warn of potentially spoofed domains that attempt to mimic the domain name of the US Census Bureau. The US Census Bureau is a governmental statistical agency that collects and provides data on the US economy and population that is used to allocate billions of US dollars per year. In the alert, the FBI stated “The FBI has observed entities not associated with the US Census Bureau registering numerous domains spoofing the Bureau’s websites, likely for malicious purposes.” Spoofed domains (aka typosquatting) mimic legitimate domains by either altering character(s) within a domain name or associating another domain with similar characteristics to the legitimate domain, such as gogle[.]com or g00gle[.]com. Although there are no current signs of these spoofed domains being used in attacks, they could be used in the future by either financially driven attackers or by nation-state backed attackers to perform espionage or to possibly steal credentials.
Analyst Notes
Users of the Census Bureau site should pay close attention to the spelling of the domain name to verify that it is the site you intend to use. There is a list of 63 domains that the FBI has released in the attached flash alert below. For organizations that wish to better protect themselves from malicious domain typosquatting, Binary Defense offers domain name monitoring as part of its Counterintelligence service.
FBI Flash Alert: https://beta.documentcloud.org/documents/20397864-fbi-flash-unattributed-entities-register-domains-10142020
Source Article: https://www.bleepingcomputer.com/news/security/fbi-warns-of-newly-registered-domains-spoofing-us-census-bureau/
