Earlier this month, the FBI issued a warning to U.S.-based companies about a rise in the submission of “fraudulent” emergency data requests from cybercriminals seeking to steal sensitive information.
How an emergency data request works
According to TechCrunch, during most investigations, police and federal agencies are required to have a search warrant in order to request user information stored with privately owned companies. However, in cases that are more time-sensitive, agents are often permitted to send companies an emergency data request via email. This process enables them to quickly secure information so they can “respond to immediate threats affecting someone’s life or property.”
Once companies grant an emergency request, they often give the requester access to potentially sensitive data, such as users’ account or contact information. While convenient, the expedited nature of the process is problematic: cybercriminals have discovered they can use compromised government email accounts to pose as officials and submit supposed emergency data requests. Once given access to the data, they can use it to harass individuals or rope them into “financial fraud schemes.”
Government and businesses alike need to remain vigilant
Although the FBI has been aware of the exploitation of the emergency data request process for years, the agency believes that the latest surge in false requests is due to an “increase in postings on criminal forums regarding [the process]” that took place this summer. According to the report:
“In August 2024, a known cyber-criminal on an online forum posted their sale of ‘High Quality .gov emails for espionage/social engineering/data extortion/Dada requests, [sic] etc.,’ which included US credentials. The poster indicated they could guide a buyer through emergency data requests and sell real stolen subpoena documents to pose as a law officer.”
It is unclear what companies (if any) have responded to the latest fraudulent requests, but previously, attackers have probed well-known organizations that store vast amounts of personal data, such as Meta, Snap, and Discord.
In addition to encouraging government agencies to strengthen their internal security protocols to prevent the compromise and misuse of official email accounts, the FBI also gave advice to private businesses that may be targeted by false emergency data requests:
“Private Sector Companies receiving Law Enforcement requests should apply critical thinking to any emergency data requests received. Cyber-criminals understand the need for exigency, and use it to their advantage to shortcut the necessary analysis of the emergency data request. FBI recommends reviewers pay close attention to doctored images such as signatures or logos applied to the document.
In addition, FBI recommends looking at the legal codes referenced in the emergency data request, as they should match what would be expected from the originating authority. For example, if this request is coming from a country outside of the United States, it should not appear to be copied and pasted language from the U.S. Title Code. Similarly, a foreign country’s law enforcement would not be attaching a U.S. subpoena. If suspicion and the need for validation arises, the FBI recommends contacting the sender and originating authority to discuss the request further.”
The post FBI warns of threat actors posing as federal agencies in latest cyber attacks appeared first on OPUSfidelis.