Hacked government or police email accounts, combined with forged legal documents, enable fraudulent activation of this process.

On November 4, 2024, the FBI issued a warning about a sharp increase in the sale of credentials for police and government agency email accounts on criminal forums. These credentials are often accompanied by forged legal documents, such as warrants or subpoenas. Together, they enable the fraudulent submission of fake emergency data requests to U.S. companies.

“Cybercriminals gain access to compromised email accounts of U.S. and foreign government entities and use them to make fraudulent emergency data requests to U.S.-based companies, exposing customer personal information to subsequent criminal use,” the FBI summarized.

In the United States, an emergency data request is triggered when a criminal investigation requires information about an individual as quickly as possible. This request must explicitly involve a judicial authority. Technology companies that receive such requests typically comply. For instance, Verizon responded to 90% of the 36,000 requests it received in the first half of 2023.

Some hackers bypass legal documents entirely, claiming that a person is at immediate risk of being killed if the data is not provided promptly. Faced with such supposed life-threatening emergencies, the mere fact that the request comes from an official email address often convinces technology companies to comply.

Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.