A problem with an official FBI website allowed someone to send hoax emails from the « eims@ic.fbi.gov » email address.
System administrators were recently awakened by terrifying emails from an email address associated with the FBI claiming that a threat actor has compromised their systems. It turns out the emails were fake, however, and seem to have been enabled by a flaw in an FBI website. A threat intelligence firm called Spamhaus revealed the fake emails just after 4 a.m. on Nov.13. The messages themselves weren’t particularly believable, but the email headers indicated they were indeed sent from the FBI, which made figuring out how to respond to them more difficult. The FBI acknowledged the problem on Nov.13 but didn’t offer additional details about what happened. Then it released an updated statement about the issue on Nov.14: The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails.
