Hackers are hijacking email accounts belonging to US and foreign governments and sending bogus 'emergency data requests' to companies.
Hackers are trying to create fake legal requests to trick companies into handing over sensitive user data, according to a new alert from the FBI.
In August, the agency noticed an "uptick" in cybercriminals discussing the tactic in online forums, it said in a Monday alert. The tactic exploits "emergency data requests" that law enforcement agencies send to US companies, requesting personal information about specific users. Importantly, this type of request is designed to help investigators obtain information in a hurry, meaning no court-issued warrant or subpoena is required.
In 2022, a group of hackers known as LAPSUS$ exploited the method to manipulate companies into handing over information about users. This included tricking Apple and Meta into giving up the addresses, phone numbers, and IP addresses of targeted victims.
Although at least some members of LAPSUS$ have since been arrested, other cybercriminals are still abusing the tactic for their own hacking schemes, the FBI says. To do so, culprits have tried to hijack email accounts belonging to US and foreign government agencies.
The alert notes that one hacker was spotted selling access to "High Quality .gov emails" and "indicated they could guide a buyer through emergency data requests and sell real stolen subpoena documents to pose as a law officer."
In March, the agency also found one hacker posting photos of fake emergency data requests sent to PayPal, although the company flagged the scheme and denied the requests.
"In August 2023, a cyber-criminal stated they were teaching individuals how to create and submit their own emergency data requests to get information on any social media account for 100USD," the alert added.
In response, the FBI is urging government organizations to bolster the security around their email accounts, including activating multi-factor authentication and mandating strong password protocols. The agency is also recommending that US companies receiving emergency data requests be vigilant in looking out for potential fakes.
"Cyber-criminals understand the need for exigency, and use it to their advantage to shortcut the necessary analysis of the emergency data request," the alert said. "FBI recommends reviewers pay close attention to doctored images such as signatures or logos applied to the document. In addition, FBI recommends looking at the legal codes referenced in the emergency data request, as they should match what would be expected from the originating authority."