As part of the public notice, the FBI underlined the critical danger that fraudulent emergency data requests, which represent a legal procedure aimed at supporting police and federal authorities gain information from companies to respond to threats, pose to the public and the organisations. However, this abuse is not current, with cases being heavily reported in recent years. The FBI now focuses on alerting individuals that it witnessed a spike around August 2024 in criminal posts promoting access to or making fraudulent emergency data requests.
The FBI’s public notice mentions that cybercriminals are most likely obtaining access to compromised US and foreign government email address and leveraging them to make fraudulent emergency data request to tech companies around the region. This leads to exposing the private details of customers, such as emails and phone numbers, to further utilise for criminal intentions. In addition, the FBI mentioned that it witnessed numerous public posts made by hackers over 2023 and 2024, alleging access to email addresses leveraged by US law enforcement and other foreign governments. The national security organisation highlighted that this access was used to forward fraudulent subpoenas and other legal claims to companies wanting private user data stored on their systems.
Additionally, cybercriminals successfully impersonated law enforcement through compromised police accounts to send emails to firms requesting customer data. In some particular instances, the demands cited false threats, such as claims that an individual would greatly suffer if the company did not return the requested information. Moreover, the national security organisation mentioned that the compromised access to law enforcement accounts enabled hackers to create genuine-looking subpoenas, resulting in companies providing usernames, email addresses, phone numbers, and other personal data about their customers. However, not all fraudulent attempts to file emergency data requests were successful.
Furthermore, the FBI alerted law enforcement organisation to take the necessary measures to optimise their cybersecurity methods to prevent any intrusions, including stronger passwords and multi-factor authentication. At the same time, the national security organisation said that private companies need to apply critical thinking to emergency data requests, as hackers understand the need for constraint.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now