FBI warns hackers are filing fake police data requests to steal people’s private information


  • FBI issues Private Industry Notification on emergency data requests
  • Hackers are using stolen .gov email addresses to pose as authorities
  • Mitigations recommended by the FBI should be put in place

Cybercriminals are using stolen government email addresses to submit fraudulent emergency data requests to US companies to steal personally identifying information (PII) of customers, which could be used for nefarious purposes such as phishing and identity theft, experts have warned.

This attack vector has grown in popularity since August 2023, warranting the issue of a Private Industry Notification from the FBI.

The Bureau has also issued a list of mitigation measures for businesses to put in place to keep personal data safe and ensure that only authentic data requests are processed.

Fraudulent requests on the rise

Over the last year, the FBI has logged a significant uptick in forum posts from cybercriminals relating to fraudulent data requests. The trend stemmed from one user stating that for $100, they could teach people to use data requests to obtain information on any social media account. Shortly thereafter, another user discovered that by using a ‘.gov’ email address, they could pose as the authorities and obtain much more detailed information to use for phishing.

Fraudulent data requests gradually became more advanced and more threatening, with one user posting in December 2023 that they included the threat of harm or death to an individual if the data request was not processed and approved.

Shortly after, in March 2024, another known cybercriminal submitted a Mutual Legal Assistance Treaty (MLAT) request to PayPal. The request used details from a child trafficking investigation, including the case number and legal code, to appear legitimate. PayPal declined it.

In August 2024, a cybercriminal listed “High Quality .gov emails for espionage/social engineering/data extortion/Dada requests, etc” for sale that could be used for fraudulent data access requests to obtain private customer information including names, email addresses, phone numbers, and other personal information.

The FBI recommends that businesses double-check the security posture of any connections between the third parties they interact with and their own systems, as well as external or remote connections.

Businesses should also be wary of emergency data requests that stress their own urgency, and should check every detail within a request for inconsistencies or doctoring. The full list of mitigations can be found here.


Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.
