Hello, welcome to the Monday, November 15th, 2021 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich.

And I'm recording from Fort Walton Beach, Florida.

This weekend, many individuals received email that claimed to originate from the FBI and informed the

individual that their organization was the victim of some form of intrusion that the FBI is

investigating.

Now, of course, fake emails like this aren't necessarily new, but what was different here

was that these emails

actually originated from legitimate FBI email infrastructure. Spam House did an analysis

of the headers proving that all the signatures and such were correct that the originating

mail server was actually operated by the FBI.

According to a statement the FBI released on Sunday, the mail server in question here was used

by a law enforcement enterprise portal to push notifications and apparently was misconfigured allowing anybody

to use it to send arbitrary messages.

That being said, if your organization is the victim and part of an FBI investigation, you

should expect a personal visit by an FBI agent, maybe a phone call. Always tricky in

situations like this to essentially bootstrap trust when you're meeting these people for

the first time. Checking credentials, of course, is always a good idea. But I also always recommend

to attend your local InfraGard chapters meeting.

That's an organization that works with the FBI,

and it's typically a good way to meet your local FBI agents,

in particular those who are dealing with cybercrime issues.

...