What is the 'Emergency Email' scam and how does it work?
Posted: Sat Dec 21, 2024 3:57 am
In a recent alert, the FBI has called attention to a dangerous new strain of “emergency email” scam that is threatening Gmail and Outlook users.
The scam, which involves the use of compromised government emails, could expose sensitive user data, enabling espionage and extortion through fake requests for emergency data.
In recent months, the FBI has identified hackers using compromised government emails to send fake emergency requests that claim extreme urgency in order to obtain information without going through security checks. According to the FBI, these deceptive messages claim to be from law enforcement and sometimes include forged subpoena documents.
The criminals behind this scam purchase government email addresses and full credentials from underground dark web forums. This access allows them to make fraudulent requests that can trick organizations and businesses into handing over information, such as personal and financial data, without further verification.
Scammers' Targets: Who's at Risk?
The emergency email scam poses a serious threat to anyone with an email account, but companies that handle large amounts of data and sensitive information are especially targeted. The FBI noted that these compromised government accounts can be used for both espionage and data theft, as well as to facilitate ransomware attacks — a type of cyberattack where access to a victim’s data is blocked until a ransom is paid.
Businesses, large and small, as well as individual email users, should take precautions, especially on platforms like Gmail and Outlook, where these attacks have occurred.
How to protect yourself from the emergency email scam? Tips from the FBI
The FBI has released security measures to help users protect themselves from this emergency email scam. Check out the main recommendations below:
Check the Security of Associated Third Parties
Many companies rely on external vendors for data storage and management. Make sure all vendors comply with strict cybersecurity policies.
Monitor External Connections and Access
Implementing network monitoring to detect suspicious access is one of the most effective ways to prevent attacks. Set alerts for anomalous connections and unusual activities.
Use Strong Passwords and Secure Storage
Weak or repeated passwords increase the risk of hacking. The FBI recommends using password managers and implementing two-factor authentication whenever possible to make it harder for criminals to gain access.
Adopt the Principle of Least Privilege
Limit access to systems to the bare minimum, allowing each user only the privileges required for their role. This practice reduces the chances of a cybercriminal exploiting a compromised account to gain access to broader data.
Configure Secure Remote Desktop Protocol and Maintain Network Segmentation
By segmenting networks and adopting security protocols for remote access, the potential for damage in the event of a breach is reduced. This control prevents hackers from advancing to more sensitive systems.
Update Your Systems and Software Regularly
Frequent software updates, including security patches, help protect against vulnerabilities that cybercriminals actively exploit. Always keep your operating system and the software used on your device up to date.
Practice Critical Thinking with Emergency Data Requests
Carefully evaluate any request that mentions urgency and involves user data. Rather than responding immediately, confirm the legitimacy of the request with the authority that supposedly sent it.