Published November 12, 2024 10:00am EST close Tips to protect yourself against bank scams Scammers often ask for answers to secret questions for crucial information needed to access accounts. Phishing emails are one of the most common tricks scammers use, but theyre usually easy to catch if you pay attention. Awkward grammar, random details and, most importantly, an unofficial email address are dead giveaways. For example, you might get an email saying your Apple IDs been disabled, but the senders email wont actually be from Apple. Now, though, scammers are finding ways to get around this.According to the FBI, theres been a recent rise in cybercriminal services using hacked police and government email accounts to send fake subpoenas and data requests to U.S.-based tech companies.IM GIVING AWAY A $500 GIFT CARD FOR THE HOLIDAYSEnter bysigning up for my free newsletter! Illustration of a scammer at work (Kurt "CyberGuy" Knutsson)What you need to knowTheFBI has seen a spike in criminal forum posts about emergency data requests and stolen email credentials from police departments and government agencies. Cybercriminals are getting into compromised U.S. and foreign government email accounts and using them to send fake emergency data requests to U.S.-based companies, which exposes customer data for further misuse in other crimes.In August 2024, a popular cybercriminal on an online forum advertised "high-quality .gov emails" for sale, meant for espionage, social engineering, data extortion, emergency data requests and more. The listing even included U.S. credentials, and the seller claimed they could guide buyers on making emergency data requests and even sell real stolen subpoena documents to help them pose as law enforcement.Another cybercriminal boasted about owning government emails from over 25 countries. They claimed anyone can use these emails to send a subpoena to a tech company and get access to usernames, emails, phone numbers and other personal client info. Some con artists are even hosting a "masterclass" on how to create and submit their own emergency data requests to pull data on any social media account, charging $100 for the full rundown. Illustration of a scammer at work (Kurt "CyberGuy" Knutsson)How this phishing scam worksWhen law enforcement, whether federal, state or local, wants information about someones account at a tech company, like their email address or other account details, they typically need a warrant, subpoena or court order. When a tech company receives one of these requests from an official email address, theyre required to comply. So, if a scammer gets access to a government email, they can fake a subpoena and get information on just about anyone.To bypass verification, scammers often send emergency data requests, claiming that someones life is at risk and that the data is needed urgently. Because companies dont want to delay in case of an actual emergency, they may hand over the information, even if the request turns out to be fake. By portraying it as a life-or-death situation, scammers make it harder for companies to take time to verify the request.For example, the FBI reported that earlier this year, a known cybercriminal posted pictures on an online forum of a fake emergency data request theyd sent to PayPal. The scammer tried to make it look legitimate by using a fraudulent mutual legal assistance treaty, claiming it was part of a local investigation into child trafficking, complete with a case number and legal code for verification. However, PayPal recognized that it wasnt a real law enforcement request and denied it. Illustration of a person receiving a phishing email (Kurt "CyberGuy" Knutsson)What can companies do to avoid falling for these phishing scams?1) Verify all data requests: Before sharing sensitive information, companies should verify every data request, even those that look legitimate. Establish a protocol for confirming requests directly with the agency or organization that supposedly sent them.2) Strengthen email security:Use email authentication protocols like DMARC, SPF and DKIM to block emails from unauthorized sources. Implement anti-phishing filters to detect suspicious content in messages.3) Train employees on phishing awareness: Regular training sessions on phishing scams can help employees recognize red flags, such as urgent language, unusual requests or emails from unknown addresses. Employees should be encouraged to report suspicious emails.4) Limit access to sensitive data: Restrict who can view or share sensitive customer data. Fewer people with access means fewer chances for accidental or intentional data leaks.5) Implement emergency verification procedures: Have a clear verification process in place for "emergency" data requests, including steps for double-checking with higher management or legal teams before responding to any urgent request for customer information. Illustration of a scammer at work (Kurt "CyberGuy" Knutsson)Is there something you need to do?This particular phishing scam mostly targets big tech companies, so theres not much you can do directly. However, its a reminder that you shouldnt automatically trust an email, even if it comes from a .gov address. Here are some steps you can take to stay safe.1) Double-check email addresses and links: Even if an email looks official, take a moment to check the senders email address and hover over any links to see where they actually lead. Be cautious if anything looks off. The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.2) Enable two-factor authentication (2FA):Use2FA for all sensitive accounts. This extra layer of security helps protect you even if your login credentials are compromised.3) Stay updated on phishing scams:Keep an eye on the latest phishing tactics, so you know what to look out for. Regular updates help you spot new types of scams before they affect you.4) Verify suspicious requests:If you get an unexpected email asking for sensitive info, contact the sender directly through an official channel to confirm the request. Illustration of a scammer at work (Kurt "CyberGuy" Knutsson)Kurts key takeawayScammers are taking phishing emails to a whole new level. I often recommend checking the email carefully when you receive anything suspicious to see if its legit. But now, since scammers can even access government emails, you need to be extra cautious. This phishing scam seems to target mostly big tech companies, so its on them to strengthen their security and verify every request thoroughly before sharing any user information. It's also up to governments worldwide to protect their digital assets from being compromised.Whats your stance on how governments are handling cybersecurity? Are they doing enough to protect sensitive data? Let us know by writing us at Cyberguy.com/Contact.CLICK HERE TO GET THE FOX NEWS APPFor more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.Follow Kurt on his social channels:Answers to the most asked CyberGuy questions:New from Kurt:Copyright 2024 CyberGuy.com.All rights reserved. Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurts free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.