Private Industry Notification on Fraudulent Emergency Data Requests

This document is a Private Industry Notification released by the Federal Bureau of Investigation (FBI) addressing the trend of fraudulent emergency data requests targeting US-based companies. It outlines how compromised US and foreign government email addresses are being exploited by cyber-criminals to conduct these requests, which expose personally identifiable information (PII). The notification details incidents where criminals have posted on forums about selling government email addresses and providing guidance on submitting fraudulent requests. The FBI emphasizes the importance of implementing security measures to mitigate these threats, including enhancing password protocols, establishing strong relationships with FBI Field Offices, and reviewing incident response plans. The document also recommends specific best practices for organizations, such as monitoring third-party vendor security, documenting remote connections, and applying critical thinking to emergency data requests. These measures are intended to help organizations protect against unauthorized access and maintain the integrity of sensitive information.