- FBI issues Private Industry Notification on emergency data requests
- Hackers are using stolen .gov email addresses to pose as authorities
- Mitigations recommended by the FBI should be put in place
Cybercriminals are using stolen government email addresses to submit fraudulent emergency data requests to US companies to steal personally identifying information (PII) of customers, which could be used for nefarious purposes such as phishing and identity theft, experts have warned.
This attack vector has grown in popularity since August 2023, warranting the issue of a Private Industry Notification from the FBI.
The Bureau has also issued a list of mitigation measures for businesses to put in place to keep personal data safe and ensure that only authentic data requests are processed.
Fraudulent requests on the rise
Over the last year, the FBI has logged a significant uptick in forum posts from cybercriminals relating to fraudulent data requests. The trend stemmed from one user stating that for $100, they could teach people to use data requests to obtain information on any social media account. Shortly thereafter, another user discovered that by using a ‘.gov’ email address, they could pose as the authorities and obtain much more detailed information to use for phishing.
Fraudulent data requests gradually became more advanced and more threatening, with one user posting in December 2023 that they included the threat of harm or death to an individual if the data request was not processed and approved.
Shortly following this in March 2024, another known cyber criminal submitted a Mutual Legal Assistance Treaty (MLAT) to PayPal. The MLAT used details from a child trafficking…
Read full post on Tech Radar
Discover more from Technical Master - Gadgets Reviews, Guides and Gaming News
Subscribe to get the latest posts sent to your email.
