1. Forum
  2. FidoNet
  3. POLITICS

  • FBI warns hackers are fil

    From Mike Powell@1:2320/105 to All on Tue Nov 12 12:56:00 2024
    FBI warns hackers are filing fake police data requests to steal peoples
    private information

    Date:
    Mon, 11 Nov 2024 17:26:00 +0000

    Description:
    US businesses are being targeted by attackers using .gov email addresses to steal personal information.

    FULL STORY

    Cybercriminals are using stolen government email addresses to submit
    fraudulent emergency data requests to US companies to steal personally identifying information (PII) of customers, which could be used for nefarious purposes such as phishing and identity theft , experts have warned.

    This attack vector has grown in popularity since August 2023, warranting the issue of a Private Industry Notification from the FBI.

    The Bureau has also issued a list of mitigation measures for businesses to
    put in place to keep personal data safe and ensure that only authentic data requests are processed. Fraudulent requests on the rise

    Over the last year, the FBI has logged a significant uptick in forum posts
    from cybercriminals relating to fraudulent data requests. The trend stemmed from one user stating that for $100, they could teach people to use data requests to obtain information on any social media account. Shortly
    thereafter, another user discovered that by using a .gov email address, they could pose as the authorities and obtain much more detailed information to
    use for phishing.

    Fraudulent data requests gradually became more advanced and more threatening, with one user posting in December 2023 that they included the threat of harm
    or death to an individual if the data request was not processed and approved.

    Shortly following this in March 2024, another known cyber criminal submitted
    a Mutual Legal Assistance Treaty (MLAT) to PayPal. The MLAT used details from
    a child trafficking investigation, including case number and legal code to appear legitimate, however PayPal declined the MLAT.

    In August 2024, a cybercriminal listed High Quality .gov emails for espionage/social engineering/data extortion/Dada requests, etc for sale that could be used for fraudulent data access requests to obtain private customer information including names, email addresses, phone numbers, and other
    personal information.

    The FBI recommends that businesses double check the security posture of any connections between 3rd parties they interact with and their own systems, as well as external or remote connections.

    Businesses should also be wary of emergency data requests that highlight the urgency of the requests, and check all the details within the request for inconsistencies or doctoring.


    ======================================================================
    Link to news story: https://www.techradar.com/pro/fbi-warns-hackers-are-filing-fake-police-data-re quests-to-steal-peoples-private-information

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)