
FBI warns Gmail and Outlook users of $100 government emergency email hack


After high-quality government email addresses with full credentials were offered for sale on an underground cybercrime forum, with instructions on how to use them in an emergency data request attack available for an additional $100, the Federal Bureau of Investigation has issued a warning to all email users. Suggesting that the credentials could be used for anything from spying to data extortion or ransomware, the attacker said it was also possible to purchase stolen subpoena documents that would allow an attacker to impersonate a law enforcement officer.


Selling compromised government email credentials

The Federal Bureau of Investigation has issued a notice to private businesses, PIN 20241104-001, warning of a continuing trend of cyberattacks using compromised US and foreign government email addresses. The attack technique uses fraudulent emergency data requests, which can push a company to provide information immediately. Because of their urgent nature, such requests bypass additional checks on their legitimacy, and the company ends up disclosing confidential information.

The type of threat itself, a somewhat sophisticated variant of simpler phishing attacks, is not new. What is new is the increased volume of messages offering both the compromised credentials themselves and the knowledge needed to exploit them.

Chronology of crimes related to email compromise

The FBI noted that the first sales of the emergency data request notification scam occurred more than a year ago, in August 2023. At that time, detailed instructions were offered for $100 on the dark web. By October 2023, another cybercriminal was offering the use of compromised government email addresses along with these instructions. Essentially, this allowed the hacker to look like a law enforcement officer for all intents and purposes. The methodology was quickly used as an initial access vector and sold by brokers to those trading in ransomware. In December 2023, campaigns using this method were discovered in which purported law enforcement or government officials invoked the likely death of a person if information was not provided immediately.


Fast forward to now: cybercriminals claiming to own compromised government emails in 25 countries were offering the full package, including US credentials and real but stolen subpoena documents.

FBI Mitigation Measures for Emergency Email Attacks

The FBI Alert includes the following mitigation measures:

  • Review the security posture of all third-party providers associated with your organization.
  • Monitor external connections.
  • Implement an incident recovery plan.
  • Apply critical thinking to any emergency data requests received.
  • Use strong password protocols.
  • Use secure password storage.
  • Use two-factor authentication.
  • Set up accounts based on the principle of least privilege.
  • Use Remote Desktop Protocol securely.
  • Segment networks.
  • Keep all software and operating systems up to date.

Perhaps the most important of all these measures is the use of critical thinking. Scammers and hackers alike rely on knee-jerk reactions, using time-limited instructions to trick you into doing something you would normally be suspicious of. Following the instructions in an emergency data request email that arrives out of the blue, without receiving proof of origin and without a second set of eyes for authentication, is exactly the kind of scenario that an attacker relishes. Take this FBI warning seriously, or it could cost you dearly.