Cybercriminals Are Selling Active Government Email Accounts for $40, Turning Institutional Trust into a Black-Market Commodity

Threat actors are cashing in on one of the most valuable currencies in the cyber underground—government authority—by selling access to active law enforcement and public sector email accounts for as little as $40 each.

According to researchers at Abnormal Security, cybercriminals have recently been advertising compromised inboxes from the US, UK, India, Brazil, and Germany. These aren’t abandoned or spoofed addresses. They are fully functional, trusted accounts that allow buyers to impersonate police officers, submit fraudulent subpoenas, and tap into systems meant for official use only.

“The ability to convincingly impersonate government officials and law enforcement officers, send fraudulent legal requests, and steal sensitive data is troubling enough,” Abnormal notes. “But what makes this especially concerning is that compromised government accounts unlock capabilities that exist almost nowhere else in the digital ecosystem.”

How They’re Getting In The low price tag reflects just how easy these accounts can be to compromise. Attackers are exploiting password reuse through credential stuffing, harvesting logins with infostealer malware, and tricking officials into giving up credentials via targeted phishing. Many accounts lack multi-factor authentication, making a single stolen password enough to seize control.

Once in, sellers provide full SMTP, POP3, or IMAP credentials. Transactions are conducted over encrypted messaging apps like Telegram, often paid for in cryptocurrency. Some ads openly market specific use cases, such as bypassing social media verification checks or submitting “emergency” data requests to tech platforms—tactics that have a history of success.

The Power of a .Gov Inbox Emails from .gov or .police domains are inherently trusted. They pass authentication checks, carry legitimate communication histories, and are rarely flagged by traditional email filters. That credibility can convince targets to hand over sensitive data, comply with urgent demands, or open malicious attachments without hesitation.

Dark web ads show sellers pitching far more than email spoofing. Listings promote access to law enforcement-only portals at major platforms like Meta, TikTok, and X, as well as investigative databases for license plates, police reports, and OSINT services that offer enhanced capabilities to verified government accounts.

From Impersonation to Full Identity Theft Abnormal’s researchers engaged directly with one seller, who claimed to control hundreds of active accounts. The seller provided screenshots showing access not just to inboxes, but to restricted investigative tools—effectively selling the full operational identity of a government official.

Possession of such accounts gives threat actors powers far beyond phishing. They can compel disclosures of personal data, monitor targets, and use privileged systems to further cybercrime campaigns. The danger is not hypothetical; it’s a direct line from compromise to abuse of official authority.

Why Traditional Defenses Fail Because these emails originate from legitimate servers and domains, they slip past systems relying on sender reputation or domain authentication. Abnormal says behavioral AI is more effective, flagging anomalies in communication patterns rather than depending solely on technical signatures.

The black market for government accounts is a stark reminder that the value of trust is measurable—and for now, disturbingly cheap. The implications stretch far beyond email compromise into the very mechanisms that safeguard digital and physical security.