- Cybercriminals impersonate law enforcement to trick tech companies into handing over user data
- Tactics include squatting police emails and compromising official inboxes by the BEC.
- Tech companies now rely on approved data request portals to reduce fraudulent disclosures
While most data theft occurs through software vulnerabilities and phished login credentials, there are times when large technology companies voluntarily hand over their customers’ personal information to law enforcement.
Of course, they are unaware that the “law enforcement” they share the data with are actually cybercriminals looking for evidence for their identity theft and fraud schemes.
Wired reports that some cybercriminals are taking advantage of the fact that big tech companies, like Apple, are legally required to share certain data with law enforcement, under certain conditions and through specific channels.
Google employees against the war
Sometimes police are investigating a crime or national security matter and ask Apple, Google, Facebook or other companies to share information they have on specific individuals. Since these companies hold vast user data and often have comprehensive customer profiles, this type of information can prove invaluable in an investigation.
In other cases, police will respond to a crisis that could result in immediate harm and make an emergency data request.
Cybercriminals know this and are constantly targeting these companies in different ways to try to get their hands on their data sets. One way they do this is through typosquatting: they create websites and email addresses that appear to be identical to official police addresses, the difference being just one letter or character.
Then they send carefully worded emails, almost indistinguishable from legitimate police correspondence, in the hopes that the recipient won’t notice the difference and will eventually share the information.
Another way to achieve this is to use Business Email Compromise (BEC) – by first breaking into the inboxes of relevant agents and managers and using their emails instead.
This approach, although more difficult to implement, works better because the legitimacy of the requests is significantly higher.
The good news is that most big tech companies have data request forms in place, which are then carefully reviewed and reviewed.
Via Apple Insider
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
