February 24, 2025
Dubex has recently received inquiries from companies about a scheme reminiscent of the old-fashioned scam of selling ads in fictitious telephone directories. Although we encounter these occasionally, there has been a significant increase in such cases over the past few weeks.
How the Scam Works
In simple terms, a company receives an email claiming that data has been leaked from its internal systems. Sometimes, the email includes a screenshot showing accounts and potential passwords, which makes the email appear credible. The attached screenshot shows that the leaked data was found in January 2025 and indexed by the sending company on February 5, creating the impression that the leaks are new.
Given the current necessity for companies to respond to security incidents, this type of email is difficult to ignore. The companies we have spoken to all have an Incident Response (IR) or Managed Detection and Response (MDR) agreement and have used this service for assistance.
Common Themes in Examined Cases
The cases Dubex has examined share a common theme: the majority of the leaked accounts displayed in the email are from well-known large leaks, such as the Adobe leak in 2013, the LinkedIn leak in 2021, the Dropbox leak in 2024, and others. In several cases, the supposedly leaked account no longer existed in the company’s system, clearly indicating the data is older. It is common for accounts from the aforementioned leaks to be “re-leaked” in new leaks, making them appear new, which is precisely the tactic this company is using.
Recently, we at Dubex have noted an increase in inquiries from companies reporting they have been contacted about vulnerabilities, data loss, or impending attacks. The true purpose is often to deceive the company into purchasing access to data or subscribing to a service that is ultimately worthless—a modern equivalent of selling telephone directory ads.
How to Handle This Type of Email
Upon receiving such an email, a quick background check of the sending company can be conducted. If a CVR number is found on their website, a background check on the email sender can be performed via CVR.DK and Krak.dk. A common finding in the cases we have handled is that the company claims to be based in Copenhagen, and multiple companies are listed at the same address. We also found that the owners do not reside in Denmark and use the Danish Business Authority’s C/O address on Langelinie. This is a typical indicator of a shell company without employees.
In summary, Dubex assesses that there is no data loss from the company, but rather an attempt to pressure the company into buying a service with no real value. Thus, the inquiry can be disregarded.
If in doubt, leverage Dubex’s expertise to confirm or dismiss the criticality of such an inquiry.