- Cybercriminals impersonate law enforcement to trick tech firms into handing over user data
- Tactics include typosquatted police emails & BEC‑compromised official inboxes
- Tech companies now rely on vetted data‑request portals to reduce fraudulent disclosures
While most data theft happens through software vulnerabilities and phished login credentials, sometimes big technology corporations give their customers’ PII to law enforcement - willingly.
They are, of course, unaware that the 'law enforcement' they are sharing the data with, are actually cybercriminals looking for material in their identity theft and fraudulent schemes.
Wired reports that some cybercriminals are taking advantage of the fact that big tech firms, such as Apple, are legally obligated to share some data with law enforcement, under certain conditions and through specific channels.
Google employees against warfare
Sometimes, the police will investigate a crime, or a matter of national security, and will ask Apple, Google, Facebook, or other companies to share information they hold on specific individuals. Since these companies hold vast user data and often have full customer profiles, this type of information can be invaluable in an investigation.
In other cases, the police will respond to a crisis that could result in immediate harm and will make an emergency data request.
Cybercriminals know this, and are constantly targeting these companies in different ways in attempts to get ahold of their data sets. One way they’re doing it is through typosquatting - they would create websites and email addresses seemingly identical to official police addresses, with the difference being just one letter, or character.
Then, they reach out with carefully crafted emails, almost indistinguishable from legitimate police correspondence, in hopes that the recipient will not notice the difference and will end up sharing the information.
Another way they’re doing this is through Business Email Compromise (BEC) - by first breaking into the inboxes of relevant agents and officials and using their emails instead.
This approach, although harder to pull off, works better, since the legitimacy of the requests is significantly higher.
The good news is that most big tech companies have set up data request forms, which are then carefully vetted and scrutinized.
Via Apple Insider
➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.