FBI Warns that Criminals Could Send Fake Emergency Data Requests to Steal People's Private Information

The Federal Bureau of Investigation (FBI) has issued a warning to the entire tech industry about an increase in the number of fake emergency data requests (EDR) designed to extract personal information from companies.

Companies in the United States are required to provide information about their users if a lawful order from a judge accompanies that request. Companies usually scrutinize these requests before complying with the orders, but the same scrutiny isn't applied to emergency data requests. 

This is one of the reasons criminals falsify emergency data requests, knowing fully well that there's a good chance it will be granted. Law enforcement agencies use emergency data requests to obtain needed data when there's no time to go through the regular channels and get a subpoena from a judge. 

The urgency factor is what criminals seek, and the entire procedure of issuing EDRs has spawned a whole underground industry.

 "The Federal Bureau of Investigation (FBI) is releasing this Private Industry Notification to highlight a trend of compromised US and foreign government email addresses used to conduct fraudulent emergency data requests to US-based companies, exposing personally identifying information (PII)," the FBI has warned.

"While the concept of fraudulent emergency data requests was previously used by other threat actors, such as Lapsus$, the increase in postings on criminal forums regarding the process of emergency data requests and sale of compromised credentials has led to an increase of their use."

Authorities have noticed an increase in the number of criminal forum posts regarding fraudulent emergency data requests. This new development seems related to criminals getting access to compromised US and foreign government email addresses, which allows them to issue such requests and maintain credibility at the same time. 

The FBI offered a number of examples of such forum posts on criminal forums, showing just how advanced these operations have become.

 "In August 2024, a known cyber-criminal on an online forum posted their sale of 'High Quality .gov emails for espionage/social engineering/data extortion/Dada requests, etc', which included US credentials. The poster indicated they could guide a buyer through emergency data requests and sell real stolen subpoena documents to pose as a law officer."

"In March 2024, a known cyber-criminal posted photos on an online forum of a fraudulent emergency data request submitted to Paypal. According to PayPal, the threat actor submitted a fraudulent Mutual Legal Assistance Treaty (MLAT) regarding a local ongoing investigation into child trafficking, which included a case number and legal code for verification, but the request was ultimately denied by PayPal."

Some companies are more careful when dealing with these requests, but not all of them, especially when criminals convey supplementary information. For example, in one of the requests, fraudsters said that a person's life is in danger if the EDR is not granted immediately.