The FBI has issued a warning to companies about cybercriminals exploiting compromised U.S. and foreign government email addresses to send fraudulent emergency data requests. These requests target U.S.-based companies, aiming to access customers' personally identifiable information (PII).
As of August 2024, the FBI has noted an increase in discussions on criminal forums about executing these fraudulent requests, prompting the release of this notification for industry awareness. Previous reports indicated that hackers had previously used email accounts linked to law enforcement agencies to bypass the standard court order process, claiming urgent access to healthcare data.
In the U.S., legitimate law enforcement agencies are required to obtain a court-ordered warrant or subpoena to access account ownership information from social media platforms. However, in cases involving imminent harm, they may make emergency data requests that do not require prior court approval.
In a related issue, the FBI, alongside the FDA and USDA, revealed that criminals have been employing business email compromise (BEC) scams to defraud small businesses, stealing food shipments worth hundreds of thousands of dollars. These scams involve spoofed emails that closely resemble those of legitimate companies, making it easy for suppliers to be misled.
In 2023, online scams led to American consumers and businesses losing a staggering $12.5 billion, marking a 22% increase in cybercrime compared to the previous year.