The FBI has warned of an uptick in fraudulent emergency data requests. Cybercriminals masquerading as law enforcement (or other officials using compromised governmental emails) are increasingly abusing easy access to sensitive data.
Emergency Data Requests (EDRs) are a legal procedure for US law enforcement agencies to obtain information from tech companies and other providers in emergency situations without a warrant or subpoena requirements.
EDRs are supposed to help in life-or-death situations, but cybercriminals now are using them as a shortcut to bypass any reviews and obtain information immediately.
The FBI recently released an alert warning that cybercriminals are submitting fraudulent emergency data requests to US-based companies using compromised US and foreign government email addresses.
One of the pioneers of using EDRs for fraudulent activities was threat actor Lapsus$, which was later dismantled by authorities. However, malicious activity has dramatically increased recently.
The FBI’s alert details six cases where criminals sold stolen sensitive data on illicit forums.
“In August 2024, a known cyber-criminal on an online forum posted their sale of ‘High-Quality .gov emails for espionage/social engineering/data extortion/Dada requests, etc,’ which included US credentials. The poster indicated they could guide a buyer through EDRs and sell real stolen subpoena documents to pose as a law officer,” the FBI said about the latest scheme.
In March 2024, cybercriminals on an illicit forum claimed they ‘owned’ governmental emails from over 25 countries and boasted of being able to gain access to usernames, phone numbers, emails, and other private client information.
Another known threat actor posted photo requests that were submitted to PayPal. According to the company, the fraudulent requests regarding an ‘ongoing investigation into child trafficking’ were ultimately denied.
Previously, cybercriminals have been observed sending fake EDRs along with statements indicating an individual could die unless the requested information is provided. One threat actor offered help for users to impersonate law enforcement officers or government entities.
In August 2023, one criminal even offered to teach individuals how to create and submit EDRs to access ‘any social media account’ for $100.
The FBI urges companies to ‘apply critical thinking’ and double-check any EDRs received.
“FBI recommends looking at the legal codes referenced in the emergency data request, as
they should match what would be expected from the originating authority. For example, if this request is coming from a country outside the US, it should not appear to be copied and pasted language from the US Title Code. Similarly, a foreign country’s law enforcement would not be attaching a US subpoena,” one of the recommendations reads.
The alert also suggests that tech companies review the security posture of third-party vendors. The long list of mitigations includes basic cybersecurity hygiene, such as strong password security and access controls, keeping systems up to date, and many others.
FBI offers assistance with identifying and mitigating vulnerabilities and suggests maintaining liaison relationships with the FBI Field Office in the region.
Your email address will not be published. Required fields are markedmarked