The following was originally posted to the ALTA Open Forum Security Buzz.
Cybercriminals are exploiting a system designed for emergencies to steal your personal information. The FBI has issued a warning about a concerning trend: the increasing use of fraudulent emergency data requests (EDRs) by cybercriminals.
EDRs are legitimate tools that law enforcement uses to obtain information from online service providers in urgent situations where there isn't enough time to secure a warrant or subpoena. Because the process is built for speed, these requests are usually approved as long as they appear to originate from a valid law enforcement email address.
Unfortunately, cybercriminals are exploiting this process by using hacked police and government email accounts to send fake EDRs. Because the request arrives from a genuine agency mailbox, a company cannot tell a fraudulent request from a real one by looking at the sender alone, which places it in a difficult situation.
If a company refuses to comply with what appears to be a legitimate request, the refusal could have serious consequences if there is a real emergency. Conversely, if it complies, it may hand sensitive customer information directly to criminals.
Examples of This Scheme in Action:
- Cybercriminals are selling access to hacked .gov email addresses, including US credentials, which they claim can be used for EDRs
- One individual, known as "Pwnstar," is selling fake EDR services, claiming to have access to government email accounts from over 25 countries
- Another tactic involves the use of forged court-approved subpoenas sent through compromised email accounts
- Cybercriminals are even using Kodex, a platform designed to verify law enforcement requests, to make their fake requests appear more legitimate
Verizon's transparency report indicates a high compliance rate with EDRs, with records being provided in approximately 90% of cases. That compliance rate is exactly what makes the tactic attractive to criminals. Financial institutions and cryptocurrency platforms are particularly concerned about fake EDRs being used to freeze or seize funds.
Takeaways:
- Our data is at risk: All this means our personal information is more vulnerable than ever. It's a stark reminder that cybercriminals are constantly finding new ways to exploit systems, even those designed for emergencies.
- Financial institutions are particularly vulnerable: Banks and cryptocurrency platforms are prime targets for this kind of scam because fake EDRs can be used to freeze or seize customer funds. It's a wake-up call for these institutions to step up their security measures.
Both law enforcement agencies and companies need to be more vigilant. Law enforcement needs better cybersecurity to protect its email systems, since a compromised agency mailbox is the foothold for this whole scheme. Companies need verification processes that do not rely on the sender address alone, such as confirming the request with the issuing agency through contact details obtained independently of the email, to weed out fake requests. This isn't going away anytime soon, so staying ahead of these criminals is an ongoing challenge.