FBI Flags Fraudulent Emergency Data Requests Using Compromised Government Emails
The FBI has issued a Private Industry Notification (PIN) warning of a rising trend in misusing compromised U.S. and foreign government email addresses to conduct fraudulent emergency data requests aimed at U.S.-based companies. This tactic, initially popularized by threat actors like Lapsus$, has gained traction on underground forums, where government email credentials are for sale. The postings indicate that these credentials can be used in social engineering and espionage, with some listings offering additional instructions on submitting fraudulent emergency data requests. Notably, in August 2024, a cybercriminal advertised “High-Quality .gov emails” for sale to buyers interested in exploiting them for data extortion and other illegal purposes.
A timeline of incidents demonstrates the evolution of this method, highlighting a marked increase in both sophistication and frequency. The earliest reported activity of concern was seen in December 2023, when emergency data request scams began leveraging false claims of life-or-death urgency, pressuring companies to release customer information immediately. In March 2024, another actor claimed to possess government emails from over 25 countries. In August 2023, cybercriminals began offering tutorials on generating fraudulent emergency data requests, often priced at $100, to retrieve sensitive data without standard verification checks. By August 2024, actors on forums were offering guidance on using these compromised emails, which has since escalated into a global cyber threat impacting organizations across multiple sectors.
The FBI recommends that organizations implement a series of measures to mitigate the risks associated with these attacks. Key steps include strengthening password protocols, using multi-factor authentication (MFA), securing Remote Desktop Protocol (RDP) access, and segmenting networks to limit exposure. The FBI also advises organizations to apply critical thinking when assessing emergency data requests and to establish verification processes before responding to them.