Government and Police Email Accounts Sold on the Dark Web for Just $40
According to research by Abnormal AI, active email accounts belonging to government agencies and police departments in countries such as the US, UK, Germany, India, and Brazil are being sold on the dark web for around $40. These accounts are real, still in use by official organizations, and give cybercriminals the ability to exploit their credibility for unauthorized access and fraudulent requests.
Methods of Government Account Theft
Most breaches occur through simple techniques:
Password reuse: Employees using weak or repeated passwords open the door for attackers.
Infostealer malware: Malicious software that collects stored browser and email data, often sold in bulk for as little as $5.
Targeted phishing attacks: Fake emails crafted to trick government staff. Without multi-factor authentication (MFA), just one stolen password is enough.
How Accounts Are Sold and Used
Sellers usually operate through encrypted messaging apps like Telegram or Signal. Buyers pay with cryptocurrency and receive the account's login details for SMTP, POP3, or IMAP access. These accounts are often used for:
Sending fake subpoenas
Bypassing online identity verification
Gaining access to restricted government databases
Why It’s Dangerous
A compromised government email provides significant advantages to criminals:
Legal authority to exert pressure: Service providers often comply with urgent legal requests.
Built-in credibility: Official emails are less likely to be questioned or flagged.
Exclusive access: Some systems and databases are only available to verified government accounts.
Security Implications
With a compromised account, hackers can send data requests or takedown notices to tech companies. In some cases, access has extended to police investigation tools such as vehicle license plate lookup systems.
This demonstrates that traditional email security measures are not enough, since the emails originate from verified accounts. Government organizations must focus on:
Implementing multi-factor authentication (MFA)
Strengthening password policies
Carefully reviewing urgent requests
Restricting access to sensitive systems
Source: MedadPress
www.medadpress.ir
