The FBI has observed entities not associated with the US Census Bureau registering numerous domains spoofing the Bureau’s websites, likely for malicious purposes. These suspicious spoofed domains are easily mistaken for legitimate Census Bureau websites and can be used for advertising, credential harvesting, and other malicious purposes. Spoofed domains (aka typosquatting) mimic legitimate domains by either altering character(s) within the domain or associating another domain with similar characteristics to the legitimate domain, such as “Censusburea[.]com” or “census-gov[.]us”. Spoofed domains are increasingly used by cyber criminal and state-sponsored groups to spread malware, which can lead to further compromise and financial losses. This activity poses a risk to both the US Census Bureau and the public.
The Census Bureau continually collects and provides data about the people and economy of the US. This creates opportunities for cyber actors to attempt to exploit respondents and users of the data for financial gain and other nefarious purposes. Cyber actors can use spoofed domains similar to Census Bureau websites to target businesses and the public. In the past, cyber actors have used spoofed domains to gather valid usernames, passwords, and email addresses; collect personally identifiable information; and spread malware, leading to further compromises and potential financial losses.
As part of the US government’s facilities sector, the Census Bureau remains a target for both criminal and nation-state actors aiming to negatively affect the US Government and create distrust among US citizens. To prevent confusion for site visitors, the Census Bureau is actively working to disable spoofed domains.
- Users should pay close attention to the spelling of web addresses and be wary of websites that look trustworthy but may be close imitations of legitimate Census Bureau websites.
- Devise a continuity of operations plan for a potential cyber attack; prioritize the systems most important to continued operations.
- Ensure the SSL (Secure Sockets Layer) certificate is present, and the top-level domain is “.gov” for the website.
- Regularly patch operating systems, software, and firmware.
- Update anti-malware and anti-virus software and conduct regular network scans.
- Use multi-factor authentication where possible.
- Audit networks and systems for unauthorized remote communication.
- Disable or remove unneeded software, protocols, macros, and portals.
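
The two spoofing patterns described above (altered characters, and the bureau's name attached to a different domain) can be checked for in DNS or proxy logs. The following Python example is added here and is not part of the FBI notice; it assumes `census.gov` is the only trusted domain, and the function names, distance threshold, and `.example` hostnames are constructed for illustration.

```python
import re

LEGIT_DOMAIN = "census.gov"           # assumption: the only trusted registrable domain
BRANDS = ("census", "censusbureau")   # assumption: brand strings worth watching

def refang(host):
    """Normalise a hostname; accepts defanged '[.]' notation."""
    return host.strip().lower().replace("[.]", ".").rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    h = refang(host)
    # Match on a label boundary so "notcensus.gov" does not pass as census.gov.
    if h == LEGIT_DOMAIN or h.endswith("." + LEGIT_DOMAIN):
        return "legitimate"
    for label in h.split("."):
        squashed = re.sub(r"[^a-z]", "", label)   # "census-gov" -> "censusgov"
        if "census" in squashed:
            return "lookalike"                    # brand attached to another domain
        for brand in BRANDS:
            if edit_distance(squashed, brand) <= len(brand) // 6:
                return "lookalike"                # dropped or swapped character(s)
    return "unrelated"

def lookalikes(hosts):
    """Return the hostnames that imitate the trusted domain."""
    return [h for h in hosts if classify(h) == "lookalike"]

# Constructed sample of hostnames as they might appear in DNS or proxy logs.
# The two defanged entries are the examples quoted in the notice above.
SAMPLE = [
    "www.census.gov", "Censusburea[.]com", "census-gov[.]us",
    "cenus.example", "cenusburea.example", "census.gov.login.example",
    "notcensus.gov", "example.org",
]

if __name__ == "__main__":
    for host in SAMPLE:
        print(f"{classify(host):<11} {host}")
```

Hostnames classified as lookalikes are candidates for blocking and for review of any credentials submitted to them.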