For $40, you can buy stolen police and government email accounts - Help Net Security

Active police and government email accounts from the US, UK, Germany, India, and Brazil are being sold on dark web forums for as little as $40, giving cybercriminals unprecedented access to trusted institutional communications. According to Abnormal AI research, these functional accounts are compromised through credential stuffing attacks exploiting password reuse, infostealer malware collecting stored credentials for $5 in bulk, and targeted phishing campaigns that succeed without multi-factor authentication. Criminals use these accounts to send fraudulent subpoenas, emergency data requests to tech companies, and access restricted law enforcement databases including license plate lookup systems and police reporting dashboards. The compromised accounts carry inherent legal authority and credibility, allowing attackers to bypass security checks and verification processes that would normally flag suspicious requests. Traditional email security tools struggle to detect these threats since emails originate from legitimate domains with valid authentication, highlighting the need for stronger password practices, faster breach response, and enhanced verification procedures for urgent law enforcement requests.​​​​​​​​​​​​​​​​