- Cybercriminals pose as law enforcement officers to trick tech companies into handing over user data
- Tactics include misspelled police emails and BEC compromised official inboxes
- Tech Companies Now Relying on Vetted Data Request Portals to Reduce Fraudulent Disclosures
While most data theft occurs through software vulnerabilities and fraudulent login credentials, sometimes large tech corporations hand over their customers’ PII to law enforcement authorities, voluntarily.
Of course, they are not aware that the “law enforcement” they share the data with are actually cybercriminals looking for material for their fraudulent and identity theft schemes.
Wired reports that some cybercriminals are taking advantage of the fact that big tech companies, like Apple, are legally required to share some data with authorities, under certain conditions and through specific channels.
Google employees against war
Sometimes police investigate a crime or national security issue and ask Apple, Google, Facebook or other companies to share information they have on specific individuals. Since these companies possess a large amount of user data and often have complete customer profiles, this type of information can prove invaluable in an investigation.
In other cases, police will respond to a crisis that could result in immediate harm and make an emergency data request.
Cybercriminals know this and are constantly attacking these companies in different ways in an attempt to get their hands on their data sets. One way to do this is through typosquatting: they would create websites and email addresses seemingly identical to official police addresses, with the difference of a single letter or character.
They then send carefully crafted emails, almost indistinguishable from legitimate police correspondence, hoping that the recipient won’t notice the difference and ends up sharing the information.
Another way to do this is through Business Email Compromise (BEC), that is, by first breaking into the inboxes of the relevant agents and officials and using their emails instead.
This approach, although more difficult to implement, works better, since the legitimacy of the requests is significantly higher.
The good news is that most big tech companies have created data request forms, which are then carefully vetted and vetted.
Through Apple Insider
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
