The latest law enforcement scams are bogus legal requests for customers’ data from companies. Moreover, it’s happening to reputable technology companies.
Initially, the fraudster compromises a law enforcement agency’s email system. After which, the fraudster will fabricate a legal-looking “emergency data request.” The data request includes a request for user names, IP addresses, email addresses and sometimes a physical address.
Legitimate law enforcement typically uses this class of requests to get information from online sources in cases involving imminent danger. Ultimately, it’s life and death—compliance must be immediate.
According to the FBI, scammers who impersonate government officials demand payment in prepaid cards, wire transfers, and cash. As you know, these are the most common payment methods used by fraudsters.
According to reports, Apple, Alphabet, Google, Snap, Twitter, and Discord are victims of these tactics. Unfortunately, fraudsters have sometimes used the stolen data to harass and sexually extort minors and pressure women to produce and share sexually explicit material. Further, a common ploy is threatening retaliation if non-compliant.
Swatting and doing
One retaliation is swatting. Swatting is when a fraudster calls in a fake 911 threat to trick law enforcement into mobilizing a SWAT team to the address of their victim. The victim has typically refused to meet the fraudster’s demands but will pay another price, irreparable damage to their reputation. Sometimes, fraudsters send illegal drugs to victims’ houses. Also, some swatting events in the US have led to the deaths of innocent bystanders.
Mark Herring, 60, was the target of a vengeful person online from thousands of miles away. Why? His refusal to hand over his Twitter handle! Herring suffered a heart attack during the SWAT team’s intrusion.
Doxing is the practice of researching someone’s personal information, such as identity, address, and phone number, to share such information publicly. The goal of doxing is to disrupt the victim’s privacy. The data ends up on sites dedicated to doxing, subjecting victims to further harassment from others.
Thwarting fake law enforcement scams
First, under no circumstances share personal information online that could help someone locate you in real life.
Second, engage in a Virtual Private Network (VPN), which can disguise your IP address and make it harder for a person online to locate you.
Third, don’t overshare. Try not to supply personal information unless you have to, especially to people you don’t know.