In the United States, law enforcement agencies must obtain a court-ordered warrant or subpoena before requesting user data from a tech company. However, in extreme scenarios, law enforcement agencies can bypass this process by issuing an Emergency Data Request (EDR). Since the request is urgent, tech companies must act quickly and trust the agency that issued the request. Unfortunately, cybercriminals have begun hijacking law enforcement agency email systems in order to send fake EDRs and gather sensitive user data.
Recent news has revealed that in 2021, Apple, Meta, and other tech companies responded to fake EDRs and provided user data to cybercriminals. This data included users’ addresses, phone numbers, and IP addresses. Now that this data breach is making headlines, we expect cybercriminals to use EDR-related data leaks as a topic in phishing attacks and social media disinformation campaigns.
Here are some tips to stay safe:
- Be cautious of emails or phone calls that claim you or your organization have been affected by these data leaks. Typically, this sort of information is communicated through regular mail.
- Watch out for sensational or shocking headlines about Apple, Meta, or other tech companies that have experienced EDR-related data leaks. These headlines could lead to articles that contain misinformation, or false information designed to intentionally mislead you.
Stop, Look, and Think. Don’t be fooled.