Hackers posing as law enforcement are tricking Big Tech to get access to private data

A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system

(Image credit: weerapatkiatdumrong / Getty Images)

Cybercriminals impersonate law enforcement to trick tech firms into handing over user data
Tactics include typosquatted police emails & BEC‑compromised official inboxes
Tech companies now rely on vetted data‑request portals to reduce fraudulent disclosures

While most data theft happens through software vulnerabilities and phished login credentials, sometimes big technology corporations give their customers’ PII to law enforcement – willingly.

They are, of course, unaware that the ‘law enforcement’ they are sharing the data with, are actually cybercriminals looking for material in their identity theft and fraudulent schemes.

Wired reports that some cybercriminals are taking advantage of the fact that big tech firms, such as Apple, are legally obligated to share some data with law enforcement, under certain conditions and through specific channels.

Google employees against warfare

Sometimes, the police will investigate a crime, or a matter of national security, and will ask Apple, Google, Facebook, or other companies to share information they hold on specific individuals. Since these companies hold vast user data and often have full customer profiles, this type of information can be invaluable in an investigation.

In other cases, the police will respond to a crisis that could result in immediate harm and will make an emergency data request.

Cybercriminals know this, and are constantly targeting these companies in different ways in attempts to get ahold of their data sets. One way they’re doing it is through typosquatting – they would create websites and email addresses seemingly identical to official police addresses, with the difference being just one letter, or character.

Then, they reach out with carefully crafted emails, almost indistinguishable from legitimate police correspondence, in hopes that the recipient will not notice the difference and will end up sharing the information.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Another way they’re doing this is through Business Email Compromise (BEC) – by first breaking into the inboxes of relevant agents and officials and using their emails instead.

This approach, although harder to pull off, works better, since the legitimacy of the requests is significantly higher.

The good news is that most big tech companies have set up data request forms, which are then carefully vetted and scrutinized.

Via Apple Insider

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.