Hackers are increasingly exploiting “emergency data requests” to trick companies into disclosing sensitive user information, according to an FBI alert. These requests bypass traditional court warrants to aid urgent investigations but are being manipulated by cybercriminals.
Groups like LAPSUS$ have exploited this tactic, deceiving companies such as Apple and Meta into revealing addresses, phone numbers, and IPs. Despite arrests, others are leveraging stolen government email accounts to pose as law enforcement. Some hackers even sell guides and templates for creating fake requests, offering their services for as little as $100.
Recent incidents include fake requests targeting PayPal, which detected and denied them. The FBI advises government agencies to enhance email security with multi-factor authentication and strong passwords. Companies receiving these requests are urged to scrutinize legal codes, document signatures, and logos for signs of forgery.
This growing cyber threat highlights how urgency can be weaponized to bypass proper verification, underscoring the need for vigilance in handling sensitive data requests.