FBI warns hackers are filing fake police data requests to steal people’s private information
- FBI issues Private Industry Notification on emergency data requests
- Hackers are using stolen .gov email addresses to pose as authorities
- Mitigations recommended by the FBI should be put in place
Cybercriminals are using stolen government email addresses to submit fraudulent emergency data requests to US companies to steal personally identifying information (PII) of customers, which could be used for nefarious purposes such as phishing and identity theft, experts have warned.
This attack vector has grown in popularity since August 2023, warranting the issue of a Private Industry Notification from the FBI.
The Bureau has also issued a list of mitigation measures for businesses to put in place to keep personal data safe and ensure that only authentic data requests are processed.
Fraudulent requests on the rise
Over the last year, the FBI has logged a significant uptick in forum posts from cybercriminals relating to fraudulent data requests. The trend stemmed from one user stating that for $100, they could teach people to use data requests to obtain information on any social media account. Shortly thereafter, another user discovered that by using a ‘.gov’ email address, they could pose as the authorities and obtain much more detailed information to use for phishing.
Fraudulent data requests gradually became more advanced and more threatening, with one user posting in December 2023 that they included the threat of harm or death to an individual if the data request was not processed and approved.
Shortly following this in March 2024, another known cyber criminal submitted a Mutual Legal Assistance Treaty (MLAT) to PayPal. The MLAT used details from a child trafficking investigation, including case number and legal code to appear legitimate, however PayPal declined the MLAT.
In August 2024, a cybercriminal listed “High Quality .gov emails for espionage/social engineering/data extortion/Dada requests, etc” for sale that could be used for fraudulent data access requests to obtain private customer information including names, email addresses, phone numbers, and other personal information.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The FBI recommends that businesses double check the security posture of any connections between 3rd parties they interact with and their own systems, as well as external or remote connections.
Businesses should also be wary of emergency data requests that highlight the urgency of the requests, and check all the details within the request for inconsistencies or doctoring. The full list of mitigations can be found here.
You might also like
FBI issues Private Industry Notification on emergency data requests Hackers are using stolen .gov email addresses to pose as authorities Mitigations recommended by the FBI should be put in place Cybercriminals are using stolen government email addresses to submit fraudulent emergency data requests to US companies to steal personally identifying…
Recent Posts
- NASA’s mission to return humans to the Moon has been delayed again until 2026
- Microsoft’s Copilot can now browse the web with you, if you’re in the early preview
- A hardware security module designed for the cloud: Microsoft’s Azure Integrated HSM aims to significantly reduce network access latencies without compromising security
- Indiana Jones and the Great Circle’s early access period won’t include full ray tracing
- Stop using generative AI as a search engine
Archives
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- September 2018
- October 2017
- December 2011