Phishing emails are a common tactic used by scammers, but they’re usually easy to catch if you’re careful. Awkward grammar, random details, and most importantly, unofficial email addresses are completely useless. For example, you might receive an email informing you that your Apple ID has been disabled, but the sender’s email isn’t actually from Apple. But now scammers are finding ways to get around this.
According to the FBI, there has been a recent increase in cybercrime services using hacked police and government email accounts to send bogus subpoenas and data requests to U.S.-based technology companies.
We’re giving away a $500 gift card this holiday season.
Please enter by sign up For my free newsletter!
Illustration of a scammer at work (Kurt “Cyber Guy” Knutson)
What you need to know
of F.B.I. Posts on criminal forums about urgent data requests from police and government agencies and theft of email credentials have skyrocketed. Cybercriminals hack into compromised U.S. and foreign government email accounts and use them to send bogus emergency data requests to U.S.-based companies, allowing customer data to be further exploited for other crimes You will be exposed to
In August 2024, popular cybercriminals advertised on online forums the sale of “high-quality .gov emails” for purposes such as espionage, social engineering, data extortion, and emergency data requests. The list also included U.S. credentials, and sellers claimed they could coach buyers to make emergency data requests or sell genuine stolen subpoenas to impersonate law enforcement.
Another cybercriminal boasted that he had government emails from more than 25 countries. They claimed that anyone could use these emails to subpoena technology companies and access usernames, emails, phone numbers, and other private customer information. Some scammers are hosting “masterclasses” on how to create and submit your own emergency data requests to retrieve data from social media accounts, charging $100 for the full overview. I am.
Illustration of a scammer at work (Kurt “Cyber Guy” Knutson)
A flaw in Windows could allow hackers to break into your PC via Wi-Fi
How this phishing scam works
Federal, state, and local law enforcement agencies typically require a warrant, subpoena, or court order to request information about a technology company’s accounts, such as email addresses and other account details. If a tech company receives one of these requests from an official email address, it must comply. So if fraudsters have access to government email, they can forge subpoenas and obtain information about almost anyone.
To avoid verification, fraudsters often submit emergency data requests, claiming that someone’s life is at risk and the data is urgently needed. Companies may hand over information even if the request turns out to be bogus in order to keep up in the event of a real emergency. Scammers make it difficult for companies to take the time to verify the request by portraying it as a life-or-death situation.
For example, the FBI reported earlier this year that a known cybercriminal posted a photo of a fake emergency data request sent to PayPal on an online forum. Scammers use fraudulent Mutual Legal Assistance Agreements to claim that it is part of a field investigation into child trafficking, with a case number and legal code for verification, and to make it legal. I tried to show it. However, PayPal recognized that it was not an actual law enforcement request and rejected it.
Illustration of a person receiving a phishing email (Kurt “Cyber Guy” Knutson)
Cyber crooks use AI to manipulate Google search results
What can businesses do to avoid falling for these phishing scams?
1) Review all data requests. Companies must verify all data requests, even legitimate ones, before sharing sensitive information. Establish a protocol for verifying requests directly with the institution or organization that allegedly submitted the request.
2) Enhance email security. Block emails from unauthorized sources using email authentication protocols such as DMARC, SPF, and DKIM. Implement anti-phishing filters to detect suspicious content in messages.
3) Train employees on phishing awareness. Regular training sessions on phishing scams can help employees recognize red flags such as urgent language, unusual requests, and emails from unknown addresses. Employees should be encouraged to report suspicious emails.
4) Restrict access to sensitive data. Limit who can see or share sensitive customer data. The fewer people who have access, the less chance of accidental or intentional data leaks.
5) Implement emergency verification procedures: Implement a clear verification process for “urgent” data requests, including steps to double-check with senior management or legal teams before responding to urgent requests for customer information.
Illustration of a scammer at work (Kurt “Cyber Guy” Knutson)
Need to do something?
This phishing scam primarily targets large technology companies, so there’s not much you can do directly. However, this is a reminder that you should not automatically trust email, even if it comes from a .gov address. Here are some steps you can take to stay safe.
1) Double-check your email address and link. Even if the email looks official, check the sender’s email address and hover over the link to see where it actually goes. Please note if there is anything unusual. The best way to protect yourself from malicious links is to install antivirus software on all your devices. This protection also warns you about phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best antivirus protection products of 2024 for Windows, Mac, Android, and iOS devices.
2) Enable two-factor authentication (2FA). use 2FA For all sensitive accounts. This extra layer of security helps protect you even if your login credentials are compromised.
3) Stay informed about phishing scams: Stay up to date with the latest phishing tactics so you know what to look out for. Regular updates allow us to spot new types of scams before they affect you.
4) Check for suspicious requests. If you receive an unexpected email requesting sensitive information, please contact the sender directly through official channels to confirm the request.
Illustration of a scammer at work (Kurt “Cyber Guy” Knutson)
Prevent people nearby from hearing your voicemails with this simple tip
Cart important points
Scammers are taking phishing emails to a whole new level. If you receive something suspicious, we recommend checking the email carefully to see if it is legitimate. But now scammers have access to government email as well, so you need to be extra careful. This phishing scam appears to primarily target large tech companies. Therefore, it is the responsibility of businesses to enforce security and thoroughly verify all requests before sharing user information. It is also the responsibility of governments around the world to protect digital assets from infringement.
What is your stance on how the government is dealing with cybersecurity? Are we doing enough to protect sensitive data? Please email us at. Cyberguy.com/Contact.
CLICK HERE TO GET THE FOX NEWS APP
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report newsletter using the link below. Cyberguy.com/Newsletter.
Ask your cart a question or let us know your story you’d like us to feature.
Follow Kurt on his social channels.
Answers to CyberGuy frequently asked questions:
New from cart:
Copyright 2024 CyberGuy.com. Unauthorized reproduction is prohibited.
