The alert was mumbo jumbo, but it was indeed sent from the bureau’s email system, from the agency’s own internet address.
https://threatpost.com/fbi-system-exploit-email-fake-cyberattack-alert/176333/
Threat actors are impersonating such wildly popular personal-finance apps (which are used more than social media or streaming services) to try to fool people into giving up their credentials.
https://threatpost.com/tax-season-scammers-spoof-fintechs-stash-public/179071/