The US Federal Bureau of Investigation (FBI) has issued an urgent warning to businesses and law enforcement agencies that cybercriminals are using genuine stolen US and foreign government email addresses to hack into companies.
As of August this year, the FBI has observed an increase in posts on criminal forums relating to fraudulent emergency data requests. In August 2024, a cyber-criminal known to the FBI offered for sale “High Quality .gov emails for espionage/social engineering/data extortion requests, etc” that included official US credentials. The cyber-criminals also offered to guide buyers through emergency data requests and to sell real stolen subpoena documents to allow the buyer(s) to pose as law enforcement officers.
According to an FBI Private Industry Notification issued on November 4th this year: “Cyber criminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US-based companies, exposing the personal information of customers to further use for criminal purposes.”
Training on sending fake data requests offered for $100
As early as August 2023, the FBI observed that a cyber-criminal stated they were teaching individuals how to create and submit their own emergency data requests in order to obtain information on any social media account for only US$100. In March 2024, the FBI noted that a known cyber-criminal on an online forum indicated they “owned” government emails from over 25 countries, and that through a successful subpoena, the potential buyer could gain access to usernames, emails, phone numbers, and other private client information.
This followed on from a post in October 2023 stating that .gov emails could be used to carry out emergency data requests on users, thereby allowing a user to “become” a law enforcement officer or government entity. The post further stated that the data obtained could be used to carry out phishing or malware attacks against the government sector.
The FBI now recommends that private sector companies receiving law enforcement requests “should apply critical thinking” to any emergency data requests they receive. The FBI also recommends that companies pay close attention to potentially doctored images, such as signatures or “official” logos, that are applied to the document. If anything looks suspicious, the FBI suggests contacting the sender and originating authority to discuss the request further. The FBI also recommends that businesses be wary of emergency data requests that highlight the urgency of the request.