Summary
The Federal Bureau of Investigation (FBI) is releasing this Private Industry Notification to highlight a trend of compromised US and foreign government email addresses used to conduct fraudulent emergency data requests
to US-based companies, exposing personally identifying information (PII). While the concept of fraudulent emergency data requests was previously used by other threat actors, such as Lapsus$, the increase in postings on criminal forums regarding the process of emergency data requests and sale of compromised credentials has led to an increase of their use. The FBI encourages organizations to implement the recommendations in the Mitigations section to reduce the likelihood and impact from submission of fraudulent emergency data requests to attempt to gain unauthorized access to PII. Enhanced password protocols implemented in early 2023 highlighted that a mandated increase in password length, the use of multi-factor-authentication (MFA) for users with
administrative rights, policy controls directed at vishing, and improved baseline monitoring worked together to decrease successful attempts at cracking passwords and made networks more resilient to a threat actor’s initial intrusion and persistence.
Threat
As of August 2024, FBI noted an uptick in criminal forum posts regarding conducting fraudulent
emergency data requests and is releasing this notification for industry awareness. Cybercriminals are likely gaining access to compromised US and foreign government email addresses
and using them to conduct fraudulent emergency data requests to US based companies,
exposing the personal information of customers to further use for criminal purposes.
• In August 2024, a known cyber-criminal on an online forum posted their sale of “High
Quality .gov emails for espionage/social engineering/data extortion/Dada requests,
etc”, which included US credentials. The poster indicated they could guide a buyer
through emergency data requests and sell real stolen subpoena documents to pose as a
law officer.