One would think that cybercriminals would be smart enough to avoid deliberately antagonizing an organization dedicated specifically to taking them down, and yet here we are.
A new scam going around features email messages claiming to be from the FBI, and while the scam is not particularly hard to avoid, you have to marvel at the sheer audacity of it.
This information comes from — you guessed it — the actual Federal Bureau of Investigation, courtesy of its Internet Crime Complaint Center (IC3). Users receive an email message entitled “RE: Internet Crime Victim Restitution” from an organization claiming to be the IC3. (The FBI did not specify an email address from which the scam originates, but it’s not hard to spoof something to look like a government communication.)
Interestingly, the scam doesn’t try to accuse the user of owing money or performing some kind of unlawful action, like the ubiquitous IRS scam. Instead, the bogus message claims that the FBI has caught a prominent Nigerian scammer, and that the user may be entitled to restitution from the man who chopped their dollars. (A variation on the scam simply suggests that the user may be a victim of “federal cyber crime.”) All the user has to do is download a form, fill it out and return it.
The form appears to be an attached .TXT file, but — surprise — it’s just malware. The FBI didn’t specify what kind (or how a simple text file can have malware embedded), but most modern malware either logs your keystrokes, gives a remote user control of your machine, drafts your computer into a botnet, uses your computer's CPU to "mine" cryptocurrency or locks up your hard drive and demands a ransom; take your pick. The bottom line is that you don’t want it.
The only interesting flourish is that some of the emails link to legitimate websites that document real-life FBI cybercrime busts. It’s an interesting way to build a reader’s confidence in the message, but the stilted grammar and shaky grasp of American legality will probably still raise a few eyebrows.
If anything, it’s a little disappointing that a scam that aims so high is really just another way to spread run-of-the-mill malware among credulous email checkers. Still, the FBI is not amused that cybercriminals are leveraging its good name to do the very thing that the organization tries to prevent. The FBI encourages anyone affected by the scam to log a complaint at the IC3 website, which could help its investigators track down the perpetrators.
The lesson, as usual, is to not download attachments from email addresses you don’t know, even (especially!) if they claim to be government agents. I am not familiar with any government organization that sends unsolicited emails with attachments, and while the FBI probably has your best interest in mind, it’s not about to start paying with recovered scammer assets.
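For mail administrators, the two details the article gives (the subject line and an attachment presented as a .TXT file) can be turned into a simple triage check. This is an added example, not code from the FBI or IC3; since the alert does not say how the attachment carried malware, the mismatch between a `.txt` name and non-text content is an assumed heuristic, and the sample message, addresses and file name are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject line the article reports for this campaign.
SCAM_SUBJECT = "internet crime victim restitution"

# Well-known leading bytes of file types that are not plain text.
MAGIC = {
    b"MZ": "Windows executable",
    b"\x7fELF": "ELF executable",
    b"PK\x03\x04": "ZIP container",
    b"\xd0\xcf\x11\xe0": "OLE2 document",
    b"%PDF": "PDF document",
}

def triage(raw_bytes):
    """Return findings for one raw message; an empty list means nothing flagged."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    if SCAM_SUBJECT in str(msg["Subject"] or "").lower():
        findings.append("subject matches the reported scam title")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".txt"):
            continue
        data = part.get_payload(decode=True) or b""
        # Assumed heuristic: a .txt name with non-text content is suspicious.
        kind = next((k for m, k in MAGIC.items() if data.startswith(m)), None)
        if kind is None and b"\x00" in data:
            kind = "binary file"  # NUL bytes do not occur in ordinary 8-bit text
        if kind:
            findings.append(f"{name}: named .txt but content is: {kind}")
    return findings

def build_sample(subject, attachment_bytes):
    """Constructed test message; sender, recipient and file name are made up."""
    m = EmailMessage()
    m["From"] = "IC3 <notice@example.invalid>"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("Please complete the attached form and return it.")
    m.add_attachment(attachment_bytes, maintype="application",
                     subtype="octet-stream", filename="form.txt")
    return m.as_bytes()

if __name__ == "__main__":
    raw = build_sample("RE: Internet Crime Victim Restitution", b"MZ\x90\x00" + bytes(16))
    for finding in triage(raw):
        print(finding)
```

A clean result does not mean the message is safe, and UTF-16 text files will trip the NUL-byte check, so treat the output as a prompt for review rather than a verdict.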