top of page
OceanVertical

Hackers can get your identity by impersonating police

  • Dec 19, 2025
  • 2 min read
hackers identity

Happy Friday The bad guys are at it again, this time using our own legal system against us. Here's how the scam works:


Your company might receive an Emergency data requests (EDR) from law enforcement. EDR's are intended for situations where immediate access to user data could prevent harm. Legally, your company must comply with the officer's request, immediately handing over all personal and private information you have about specific individuals in the company.


As you might have guessed, it's all a ruse. The criminals purchase domains that resemble real police department websites, use convincing forged documents, use carefully crafted emails, almost indistinguishable from legitimate police correspondence and change their caller ID to match the law enforcement agency they're impersonating.


The scammers are not acting alone or are they working for free. Doxing is the public release of someone’s private personal information without their consent, often to harass or intimidate them. Criminal groups offer doxing-as-a-service, where they're paid to get information on specific targets such as home addresses, phone numbers, social accounts, and even cloud login details.


The Takeaway


So far the bad guys have been targeting higher level people in larger companies (Apple being the most famous victim) but it's now raising concerns about how legal compliance systems can be turned against the very people they were meant to protect. Those emergency protocols are being hijacked by hackers.


Be sure to share this email and the following recommendations with your HR and leadership team in case they receive an EDR:


  • Require in-person delivery by a sworn law enforcement officer


    Emergency Data Requests should be delivered in person, with government-issued credentials and agency identification that can be independently verified.


  • Independently verify the officer and agency


    Do not rely on phone numbers, email addresses, or signatures provided in the request. Look up the agency’s publicly listed number and call back to confirm the officer’s name, badge number, and the legitimacy of the request.


  • Require a formal legal basis, even in emergencies


    A legitimate emergency request should still reference a specific statute, case number, or legal authority. Vague language like “imminent threat” without citation is a common red flag in forged requests.


  • Enforce a two-person review rule


    No single employee should ever approve or respond to an emergency data request. Require review and sign-off from legal counsel, security, or executive leadership before any data is disclosed.


Remember, hackers exploit urgency and fear. Your team should be expected to pause, escalate and verify rather than act quickly when faced with emergency language. We can do this, together.


Stay safe out there.

-Attila


New Friday Funnies!


What do you call a female police officer playing guitar?

She-riff.


Did you hear the celery got arrested?

They charged him with stalking.



Did you hear about the criminal who stole a lamp?

He got a very light sentence.


Why are policemen such great volleyball players?

They know how to serve and protect.


Why did the cat get a ticket?

It littered.


A police officer arrested a bottle of water because it was wanted in three different states.

Solid, liquid, and gas.

 
 
 

Comments

bottom of page