- Cybercriminals pose as law enforcement to trick tech companies into handing over user data
- Tactics include typosquatted police emails and BEC-compromised official inboxes
- Tech companies now rely on controlled data request portals to reduce fraudulent disclosures
While most data theft happens through software vulnerabilities and phished login credentials, big tech companies sometimes give their customers’ PII to law enforcement — gladly.
They are of course unaware that the ‘law enforcement agencies’ they share the data with are actually cybercriminals looking for material in their identity theft and fraudulent schemes.
Wired reports that some cybercriminals are taking advantage of the fact that large technology companies, such as Apple, are legally required to share some data with law enforcement under certain conditions and through specific channels.
Google employees against warfare
Sometimes the police will investigate a crime or a matter of national security and will ask Apple, Google, Facebook or other companies to share information they have about specific people. Since these companies have large user data and often have full customer profiles, this type of information can be invaluable in an investigation.
In other cases, the police will respond to a crisis that could result in immediate harm and will make an emergency request for data.
Cybercriminals know this and are constantly targeting these companies in various ways in an attempt to get hold of their data sets. One way they do this is through typos – they would create websites and email addresses that appear to be identical to official police addresses, with the difference being just one letter or character.
Then they reach out with carefully crafted emails that are almost indistinguishable from legitimate police correspondence, hoping that the recipient won’t notice the difference and ends up sharing the information.
Another way they do this is through Business Email Compromise (BEC) – by first breaking into the inboxes of relevant agents and officials and using their emails instead.
This approach, although more difficult to implement, works better as the legitimacy of the requests is significantly higher.
The good news is that most major technology companies have created forms for data requests, which are then carefully researched and scrutinized.
Via Apple Insider
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
