Stolen Email Accounts of Law Enforcement and Government Agencies Auctioned on the Dark Web for $40
In a concerning development, it has been reported that email accounts belonging to officials from various countries, including the US, UK, India, Brazil, and Germany, have been compromised and are being sold on the dark web. These accounts, which are active and trusted inboxes, have been targeted by threat actors using simple but effective methods such as credential stuffing, password reuse, infostealer malware, and targeted phishing.
Unlike dormant or spoofed accounts, these compromised accounts are being actively used for malicious purposes. As a result, recipients click on malicious attachments and links at a higher rate. The selling price for these accounts starts at $40 on the dark web.
Criminal marketplaces are not just reselling access; they're actively marketing specific use cases. For example, buyers can submit fraudulent subpoenas or bypass verification procedures for social platforms and cloud providers using these compromised accounts.
The Abnormal AI report, published on August 14, states that these compromised law enforcement and government email accounts are being sold on encrypted messaging platforms like Telegram or Signal. When a purchase is made, buyers receive complete SMTP/POP3/IMAP credentials for those accounts, providing full control over the inbox.
Attackers can impersonate law enforcement and government employees by sending from the employees' own email accounts, which opens the door to sophisticated fraud and data theft schemes. Dark web advertisements urge buyers to use compromised accounts for submitting emergency data requests, promising access to IP addresses, emails, or phone numbers.
This commoditization of institutional trust has broadened the appeal of these accounts and lowered the barrier to entry for impersonation-based attacks. Emails sent from domains such as .gov and .police are more likely to evade technical defenses and less likely to raise suspicion among recipients.
The individuals or groups responsible for compromising these accounts have not been identified, and the perpetrators behind such attacks have not been officially disclosed.
This news serves as a reminder for individuals and institutions to prioritise cybersecurity measures and be vigilant against potential threats. It is crucial to use strong, unique passwords and be aware of phishing attempts to protect against such compromises.