FBI Notice Spike in Compromised Government Emails Conducting Fake EDRs

INTRODUCTION
In early November, the Federal Bureau of Investigation (FBI) issued a warning regarding the abuse of compromised email accounts from U.S. and foreign government entities. These compromised accounts are being exploited to execute fraudulent Emergency Data Requests (EDRs) aimed at U.S.-based service providers.
WHAT IS AN EDR?
An EDR is a legal mechanism enabling U.S. law enforcement agencies to urgently request confidential data from service providers without a subpoena. Threat actors would take advantage of the procedure by using compromised government email addresses to submit fraudulent EDRs and obtain customer data.
For example, Verizon disclosed that it received over 127,000 law enforcement requests for customer data during the second half of 2023, with more than 36,000 classified as EDRs. The company reported fulfilling approximately 90% of these requests.
HOW DO THREAT ACTORS EXECUTE THESE SCHEMES?
Investigations into cybercrime forums reveal multiple methods used by threat actors to submit fraudulent EDRs. Some fake EDR vendors sell the capability to generate fake EDRs by targeting specific platforms, complete with counterfeit court documents. Other fake EDR vendors simply sell access to compromised government or law enforcement email accounts.
Key tactics used to compromise government or law enforcement email accounts include:
- Phishing and malware campaigns targeting email users.
- Purchase of stolen credentials from dark web marketplaces.
- Exploitation of poor cyber practices among government employees.
KEY LESSONS
The notice serves as a reminder of the dangers posed by the sophistication of scams threat actors can orchestrate once they have access to compromised credentials.
To mitigate risks, organizations and individuals must prioritize cybersecurity hygiene:
- Establish a procedure on handling sensitive emails to avoid getting phished; approach urgent emails or emails with attachments with caution.
- Employ unique and strong passwords for every account and use multi-factor authentication when possible. Data breaches happen often, and threat actors like to take the compromised credentials from these breaches to re-use on other websites.
HOW CAN RICHTER GUARDIAN HELP YOU?
Richter Guardian can aid in improving your cyber hygiene so that you can lessen the risk of being compromised.
- Consult our cyber concierge if you are in a situation you are unsure of. For example, receiving a suspicious email that requires your immediate attention – we can verify its legitimacy.
- We can walk you through best password management practices by walking you through 1Password, a password management tool.
%20(1).png)
Protect your digital life by detecting risks before they escalate
Richter Guardian gives you enterprise-level cybersecurity tailored for individuals, families, and executives.

Related posts

Introduction
Important family, financial, and legal information is increasingly stored across devices and online accounts, making a reliable backup plan an important part of protecting it.
For many families, these types of files now exist across different devices and services, so it helps to know where those files are stored, how they can be recovered, and what their risks are.
For high-net-worth individuals, families, and executives, backups are especially important because the information they rely on is often highly valuable, private, and difficult to replace. A lost device, ransomware attack, cloud account issue, or hardware failure can quickly disrupt personal, financial, or business matters.
Having a reliable backup plan helps ensure important files remain accessible, protected, and recoverable when something goes wrong.
Common risks to your data
Data can be lost in several ways, including lost or stolen devices, ransomware, or everyday backup failures such as cloud service outages, file corruption, or hardware failure.
Lost/Stolen Devices
If a device is lost, stolen, or destroyed, any files stored only on that device may be permanently lost. The best protection is to keep a backup in another place, such as a cloud account or an external hard drive.
Ransomware
Ransomware is another serious risk. This type of attack locks your files and demands payment to restore access. An offline backup, such as an external hard drive, protects your files since attackers cannot access it.
Everyday Backup Failures
Backups can also fail for everyday reasons. Automatic backup settings may be turned off, an important folder missed, files become corrupted, or a cloud service may be temporarily unavailable. A helpful rule of thumb is to keep three copies of important data: one on your device, one in the cloud, and one on an external hard drive.
Cloud backup as a first layer of protection
Cloud storage saves your data online through a service such as Google Drive, Apple iCloud, or Microsoft OneDrive. You can access files from any device with an internet connection, and many cloud services can back up your files automatically.
Cloud services you may already use
Apple iCloud
- Included on all Apple products (iPhone, iPad, Mac)
- Can be set to automatically back up photos, videos, contacts, documents and text messages
Google Drive
- Built into many Android devices and Chromebooks through a Google account
- Windows and Mac users need to install Google Drive for desktop and choose which folders to sync
Microsoft OneDrive
- Built into Windows 10/11 and included with Microsoft 365 subscriptions
- Can be set to automatically back up your Desktop, Documents, and Pictures folders
Using cloud backup securely
- Start by confirming that cloud backup is turned on for each device and the right files and folders are included.
- Check that recent files are being backed up and that you have enough storage for the information you want to protect.
- Protect every cloud account with a strong, unique password and multi-factor authentication.
Since cloud backups can sync unwanted changes, including ransomware-encrypted files, cloud backup should be paired with an offline backup that is disconnected when not in use.
Using a hard drive as an offline backup
An external hard drive provides an extra layer of protection if something goes wrong with your device or cloud account.
To use an external hard drive, connect it to your computer, copy your important files, and disconnect it once the backup is complete.
For added safety, store the drive in a secure location away from your main devices. A safety deposit box or personal safe is the most secure option.
A good place to start
- Identify the files that would be hardest to replace, such as legal documents, financial records, tax documents, insurance information, and family photos.
- Confirm cloud backup is turned on and includes those files.
- Protect cloud accounts with strong passwords and multi-factor authentication.
- Copy important files to an external hard drive and disconnect when finished.
- Store the hard drive somewhere safe, and separately from your main devices.
- Test your backups periodically to make sure the files can be recovered.
How Richter Guardian can help you
If you’re a client and have questions about securing your backup accounts, multi-factor authentication, protecting your devices from ransomware, or improving your overall device backup strategy, please contact our team.
Not yet a client but interested in Richter Guardian?
Request a private consultation to find out whether Richter Guardian is a good fit for you.

Understanding Mythos AI: What It Means for Your Digital Security
Introduction
Anthropic's Claude Mythos is an advanced AI model currently available only to a select group of vetted technology companies, not the general public. While it holds significant promise as a defensive tool, capable of uncovering security flaws before criminals can exploit them, the same capabilities could be misused to lower the effort needed to exploit weaknesses in email, banking, and personal accounts.
For high-net-worth individuals, families, and executives managing significant assets, this increases the risk of targeted fraud, account takeovers, and financial loss, making strong cybersecurity practices more important than ever.
What's Mythos AI?
Claude Mythos is an advanced artificial intelligence model developed by Anthropic, the company behind the widely used Claude AI assistant. It can be thought of as a much more powerful version of AI tools that many people already use for daily tasks. Mythos goes far beyond earlier models, especially in areas such as complex reasoning, software analysis, and, most importantly, the ability to identify weaknesses in computer systems.
At this time, Mythos is not available to the general public. It is still going through testing and review and has only been released in a highly controlled way to a small number of trusted organizations. These include major technology and security companies such as Microsoft, Apple, Amazon, Cisco, and CrowdStrike. This limited release is intentional. Anthropic has stated that Mythos is powerful enough to cause serious harm if misused, so they have chosen to share it cautiously and with careful oversight.
Why's everyone talking about it?
There are two main reasons Mythos is receiving so much attention. The first is concern within the cybersecurity community. Mythos represents a major step forward in what AI can do when applied to computer systems. Security professionals worry that existing defense tools and practices have not yet caught up. There is also concern that criminals could use tools like Mythos to make cybercrime faster, cheaper, and easier to carry out.
The second reason is business momentum. Every major AI announcement attracts investors and increases public interest. This often raises the perceived value of companies such as Anthropic, OpenAI, and Google. As a result, Mythos has become not only a security issue, but also a financial and market-driven story.
It is important to understand that Mythos is not an isolated development. Other companies, including OpenAI and Google, have already released AI models with similar cybersecurity-related capabilities, though generally at a lower level. What makes Mythos different is how quickly and efficiently it operates, as well as Anthropic’s openness in discussing both its potential benefits and its risks.
How does this affect you?
Mythos does not create entirely new types of cyber threats. Instead, it significantly lowers the level of skill, knowledge, and time needed for attackers to exploit existing weaknesses. These weaknesses exist in the everyday technology we all rely on, including phones, laptops, email systems, and banking or investment applications.
Cyberattacks that once required a team of highly skilled hackers may soon be possible for a single individual using AI tools. For individuals and families with significant financial assets, sensitive personal communications, or access to influential networks, this increases risk. The most common and serious threats remain personal email compromise, fraudulent wire transfers, and targeted account takeovers.
How you can keep safe
Regularly review your digital access points
Make sure all important accounts, such as banking, email, and investment platforms, use strong, unique passwords, and enable multi-factor authentication wherever it is available. In addition, use credit monitoring services to help detect fraud, unauthorized accounts, or identity misuse as early as possible.
Be cautious with unexpected messages
AI can now generate very realistic phishing emails, texts, and phone messages. If something seems unusual or urgent, verify it through a separate and trusted method before taking action.
Confirm your advisors are prepared
Organizations that manage your assets should be reviewing and strengthening their cybersecurity controls, including how sensitive data is protected and how fraud risks are managed.
Richter Family Office supports high‑net‑worth families and executives by integrating cybersecurity and risk considerations into wealth management, governance, and operational oversight.
Contact us with any concerns
Richter Guardian is actively monitoring developments related to Mythos AI and other emerging cyber risks. We will continue to share updated guidance as the situation evolves.
Please contact us immediately if you notice unusual account activity, suspicious communications, or unexpected requests involving sensitive or financial information.
Not yet on Richter Guardian but interested in learning more? Request a private consultation.

Toyota Confirms Ransomware Attack, Data Breach
Introduction
Toyota Finance Services (TFS), a subsidiary of the well-known automaker, has confirmed that they were hit with a ransomware attack. TFS detected unauthorized access to some of its systems in Africa and Europe after cybercriminals claimed an attack on the company. The cybercriminals, also known as the Medusa ransomware gang, claims responsibility for the attack.
Summary Of the Incident
The Medusa ransomware gang had listed ‘Toyota Financial Services’ to its data leak site on the dark web and demanded a ransom payment of $8,000,000 to delete allegedly stolen data. The cybercriminals published sample data that included financial documents, hashed account passwords, passport scans, etc. to prove the intrusion. As of right now, the incident is limited to Toyota Financial Services Africa & Europe. A spokesperson announced that the process of bringing their systems back online is already underway.
How to Stay Safe
- Reset All Passwords – If you are reusing passwords across different websites, reset those passwords and employ hard-to-guess, complex passwords on those websites.
- Password Manager – To keep track of your complicated passwords, think about investing in a password manager. Password managers, like 1Password, place a secret key on your password manager to add a unique extra layer of security.
How Richter Guardian can help you
Richter Guardian can help you determine if some of your user accounts were involved in a previous breach
Our platform can determine compromised credentials through comprehensive dark web monitoring.
.png)
