A handful of Big Tech firms have been conned into turning over user data in response to phony law enforcement requests – data that is then used to extort and sexually harass those users, several informed sources told Bloomberg on Tuesday.
Companies including Google, Apple, Meta, Twitter, Snap, and Discord have been duped into supplying user data to malicious actors who then use the information to extort their victims, the sources claim. The fake law-enforcement officers reportedly target specific women and minors, sometimes coercing them into creating and sharing sexually explicit material by using threats of retaliation.
While these scams initially appeared to focus on financially extorting their victims, sexual extortion schemes have become disturbingly popular, according to Bloomberg’s law enforcement sources. They typically begin with a hacker compromising a law enforcement agency’s email system and forging an “emergency data request” targeting a particular social media user. When the company provides the requested information, the hacker can use it to compromise the target’s social media accounts outright or befriend them over a period of time, eventually coercing or blackmailing them into providing sexually explicit photos or videos.
Victims who don’t cooperate are subject to an array of retaliation tactics including “swatting,” a potentially deadly prank that involves calling in a fake threat to a local 911 dispatcher. Police sent to the target’s home may be told the individual is violent, leading to potentially deadly confrontations. Others may have their personal information posted to dedicated doxxing websites, inviting random miscreants to torment them at will. Those duped into providing sexually explicit material are told the offending photos will be sent to family members, friends or employers.