FBI Warns About A Spike In Hacked Police Emails by Tyler Cross

Tyler Cross

Published on: November 13, 2024
Former Senior Writer

The Federal Bureau of Investigation (FBI) recently put out an alert warning the world’s governments and police districts that there’s been a large uptick of stolen police information winding up on hacker forums.

Hackers have been fraudulently acquiring compromised email accounts for various government and police districts around the world and selling them more often than ever before, which in turn also caused a rise in criminals maliciously using the information. They’ve been sending fake subpoenas and customer data requests to US-based companies in an attempt to damage them.

“In August 2024, a known cyber-criminal on an online forum posted their sale of “High

Quality .gov emails for espionage/social engineering/data extortion/Dada requests,

etc”, which included US credentials,” the FBI alert reads. “The poster indicated they could guide a buyer through emergency data requests and sell real stolen subpoena documents to pose as a law officer.”

The report also highlights other ways criminals are acting fraudulently. In some cases, the scammer bragged about obtaining sensitive government emails from over 25 countries.

“In August 2023, a cyber-criminal stated they were teaching individuals how to create

and submit their own emergency data requests to get information on any social media

account for 100USD,” the FBI said.

The FBI has also given some advice on the best ways to deal with these scams.

“Enhanced password protocols implemented in early 2023 highlighted that a mandated

increase in password length, the use of multi-factor-authentication (MFA) for users with

administrative rights, policy controls directed at vishing, and improved baseline monitoring

worked together to decrease successful attempts at cracking passwords and made networks

more resilient to a threat actor’s initial intrusion and persistence,” the report reads.

They also recommend that companies review the security of third-party companies that they have relationships with and make sure that they regularly monitor remote connections.