According to the FTC, consumers reported losing more than $5.8 billion to fraud in 2021. This is an increase of more than 70% over the previous year.
Lately, cybercriminals have been using phony law enforcement documents to steal information.
Here is how it works: the criminals send phony data requests to a company. The requests appear to come from a police department and look legitimate.
So far, these types of data requests have been submitted to tech companies. Even worse, hackers are using compromised police email accounts to send the requests.
Therefore, the company receiving the request has no reason to doubt its legitimacy.
In 2021, Apple and Facebook both fell victim to the fraud.
The two companies handed over an undisclosed amount of user details, including users’ addresses, IP addresses, and telephone numbers.
The exact number of fake requests and how much data was given up by the tech companies is unknown.
According to Facebook…
“We review every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse.”
The company continued…
“We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case.”
More concerning are the different methods these imposters use to force the victim’s hand. These fake documents sometimes contain emergency data requests.
Such requests, known as EDRs, are used by police when time is of the essence, for instance in life-or-death situations.
The requests don’t need a court order, and don’t involve extensive reviews. And companies are willing to turn the data over without asking questions.
The trouble is, police email accounts are compromised all the time. Criminals can find login credentials on the dark web.
If a company receives an EDR to turn over data that could help prevent a shooting or a suicide, most won’t hesitate.
The last thing these companies want is to be blamed for the loss of life.
As this type of fraud is likely to continue, here are a few things to keep in mind.
Limit sharing:
The best way to prevent your data from being stolen is to limit what you share.
If you choose to use social media, be careful what you give these platforms.
Don’t give Facebook your address, phone number, or any other personal data.
Many online accounts can be created while keeping your real data protected. You can use a burner email address, a Google Voice phone number, and an address at a UPS Store.
Always use a VPN:
A lot of people use VPNs. The problem is that many folks turn their VPN on and off. Some only use it when logging into their bank account or other sensitive websites.
But if you forget to turn it on, you could expose your IP address and other data. So make sure your VPN is always turned on and used.
Verify:
Whether you work for a company or receive a request from the police at home, I would immediately call the officer who sent the request.
If the police need information from you, they should be able to verify anything you ask when you call.
And if it’s an emergency, your phone call to the police department should be taken seriously. They should connect you with the police officer handling the investigation.
To make things even more complicated, there are over 18,000 police departments in the U.S. alone.
That is a lot of email addresses for hackers to steal and use to get more information.
Ideally, there would be some sort of database for companies to verify requests. But with so many different law enforcement organizations, it would be difficult to do.
The best way to protect yourself is to limit what information about you is on the web.
And if you do share information, make sure it’s not your legitimate personal data.