AppleMagazine

Hackers Posing as Law Enforcement Trick Tech Firms Into Revealing Apple Account Data


Image Credit: Freepik

Security researchers report that hackers are increasingly impersonating law enforcement officials to trick technology companies, including Apple, into divulging private Apple Account data through fake legal requests. Instead of typical phishing scams, malicious actors have adopted more sophisticated tactics, such as creating email addresses and domain names that closely resemble legitimate government agencies, to convince corporate law-enforcement response teams to share user information. These tactics are aimed at obtaining personal account details that can later be sold or exploited. 

The group identified in the scheme often begins by acquiring domains similar to those used by real police or sheriff’s offices, altering only minor elements like a “.us” ending to make the address appear authentic. They may also spoof phone numbers so that if a company tries to verify a request by calling, it appears to connect back to an actual law enforcement office rather than a malicious actor. This method allows the attackers to bypass some standard verification practices and target emergency data request channels at corporations that handle sensitive user information. 


How Attackers Exploit “Emergency” and Law Enforcement Channels

Rather than relying solely on common email phishing or social engineering tactics, these hackers take advantage of emergency data request (EDR) procedures used by tech companies when urgent access to user information is deemed necessary to prevent imminent harm. In legitimate scenarios, EDRs — which often carry wording such as “Emergency Request” in the subject line and are transmitted from official government email accounts — allow companies to share minimal user data quickly. However, impersonators simulate these conditions to persuade companies to release Apple Account information such as home addresses, email addresses and phone numbers. 

One hacker group member, identified only by the pseudonym “Exempt” in reporting, explained that the requests are crafted to look official, complete with plausible legal citations and accurate formatting. In some cases, hackers leverage compromised credentials from real law enforcement employees to add legitimacy to their messages, allowing them to circumvent basic checks and make their requests appear genuine. 


Apple Accounts and User Privacy

Apple has processes in place for handling law enforcement and emergency data requests that require forms, official email addresses and clear labeling to guard against misuse. Still, these scams reveal weaknesses in how urgency and authority are verified, particularly when attackers create convincing facsimiles of legitimate agency contact information. Security experts warn that while not every attempt is successful, companies and users alike must exercise caution in evaluating requests that claim to originate from law enforcement. 

Experts recommend that companies adopt stronger verification measures, such as direct callbacks using official publicly listed agency numbers, multi-factor verification of sender identities, and stricter policies on emergency data requests. From the user perspective, vigilance remains critical: individuals should be wary of unsolicited contacts that reference legal or emergency channels and avoid providing personal information through channels that cannot be independently verified. 
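The sender-domain and callback checks recommended above can be sketched as an intake triage step. This is an added example, not code from the article or from any company's actual process: the registry, agency domains and phone numbers are constructed placeholders, and `triage_edr` and its field names are hypothetical.

```python
# Constructed registry: domains and callback numbers a response team has
# verified out of band. Entries are placeholders, not real agencies.
VERIFIED_AGENCIES = {
    "examplecounty-sheriff.gov": "+1-555-0100",
    "examplecity-pd.org": "+1-555-0101",
}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def sender_domain(from_addr: str) -> str:
    return from_addr.rsplit("@", 1)[-1].strip().lower().rstrip(".")

def triage_edr(from_addr: str, phone_in_request: str) -> dict:
    """Classify an emergency data request by sender domain.

    The callback number always comes from the registry; the number supplied
    in the request is recorded but never used, since it may be spoofed.
    """
    domain = sender_domain(from_addr)
    result = {"domain": domain, "verdict": "unknown-sender", "resembles": None,
              "callback": None, "ignored_phone": phone_in_request}
    for known, phone in VERIFIED_AGENCIES.items():
        if domain == known or domain.endswith("." + known):
            # A registry hit is not approval: a compromised real mailbox
            # also lands here, so a callback is still required.
            result.update(verdict="callback-required", resembles=known, callback=phone)
            return result
    name = domain.rsplit(".", 1)[0]
    for known, phone in VERIFIED_AGENCIES.items():
        # Same name under a different ending (e.g. ".us"), or a near-miss spelling.
        if name == known.rsplit(".", 1)[0] or edit_distance(domain, known) <= 2:
            result.update(verdict="lookalike-domain", resembles=known, callback=phone)
            return result
    return result

if __name__ == "__main__":
    for addr in ("records@examplecounty-sheriff.us", "desk@examplecity-pd.org"):
        print(triage_edr(addr, "+1-555-0199"))
```

No verdict releases data on its own; the strongest outcome is a callback to the registry number.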
