The listings featured on this site are from companies from which this site receives compensation and some are co-owned by our parent company. This influence: Rank and manner in which listings are presented.
Learn more
The How To Guide was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on The How To Guide are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

The How To Guide was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on The How To Guide are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

FBI Warns of Bogus Emergency Data Requests

FBI Warns of Bogus Emergency Data Requests
Author Image Husain Parvez
Husain Parvez First published on November 13, 2024 Cybersecurity Researcher

In a recent advisory, the FBI warned US-based tech companies about a rising cybercriminal tactic involving fraudulent “emergency data requests” (EDRs), aimed at accessing sensitive user data without the typical legal protocols. The advisory, first reported by PCMag, highlights how hackers are exploiting government and law enforcement email accounts to submit fake EDRs, prompting tech companies to unknowingly release user information.

EDRs are normally reserved for urgent situations, allowing law enforcement to bypass a warrant. Cybercriminals have found ways to reliably forge these requests by hijacking official government email accounts, making the requests appear legitimate to targeted companies. Citing recent increases in online discussions about this method, the FBI noted a marked “uptick” in this activity around August, as hackers circulated detailed instructions for creating fake EDRs across online forums.

One known group that had previously exploited this tactic is Lapsus$, a hacking collective that targeted companies like Apple and Meta by submitting phony data requests.

A cybercriminal boasted on an online forum that they could provide access to “High Quality .gov emails” and “guide a buyer through emergency data requests” for a fee. This tactic is cost-effective, with the average service priced as low as $100, allowing individuals to access user data without a sophisticated setup.

Cybercriminals exploit the urgency inherent to EDRs to avoid scrutiny on their requests, often citing grave, fabricated scenarios, such as claims of human trafficking or imminent threats to people’s safety. Such claims pressure companies into responding quickly, resulting in hackers obtaining private data like emails, phone numbers, and IP addresses.

To mitigate these risks, the FBI advises organizations to scrutinize incoming EDRs carefully, checking for telltale signs of forgery, such as tampered logos or signatures and unusual language that may not align with official legal codes. Strengthening email security with multi-factor authentication and complex passwords is also recommended to government employees to prevent cybercriminals from hijacking their accounts.

About the Author

  • Author Image Husain Parvez
  • Husain Parvez Cybersecurity Researcher

Husain Parvez is a Cybersecurity Researcher and News Writer at The How To Guide, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the The How To Guide Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

This field must contain more than 50 characters

The field content should not exceed 1000 letters

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address