Having encountered several friends and associates who have suffered, what seemed to be sustained Phishing Campaigns I decided to invest some time and bated-responses to set up a little research experiment to prove, or disprove a suspected theory – but for me, theories are only proven when they are put to the test, so I set the stage.
All of those who I had spoken to, all had two factors in common, one of which was each one of them in a very small window of time had received multiple Phishing, Vishing communications with a hooked bait topic, ranging from offers, locked Paypal Accounts, Apple ID update, through to Amazon Tracking emails and unexpected files shared through Dropbox – all of which were fake, and sent by spammers within a period of just 5 days. The second common area was, without exception, each of my samples had completed an online document, providing the attacker with multiple pieces of information – e.g. Telephone number, email address etc!
Below are some examples of the Spams which were received:
So to set the research ball rolling, I followed their actions on one of the danger-sites which seemed to have initiated a campaign – and as if by magic, the same conditions were replicated, and the phishing stared to pour into the email box, cell phones and by text – exactly the same condition that had been encountered by those who had shared their adverse experiences with me.
Conclusion
My conclusions here are somewhat obvious, born out of my first-hand encounter with what I call Long-Cast Phishing:
- Where information is shared with a criminal entity (Hacker of otherwise) there is a high probability it will be subject to further abuse
- Where multiple elements of information are exposed to a criminal entity. For example, email address, cell phone etc – expect each one of these elements to be potentially abused in their own channel of communication
- When sensitive contact information is harvested by a criminal entity, such data assets have a value, so one may expect them to be shared on the Darkweb – Personal Information, or Credit Card information which has been supplied with the required details to transact a Card-Not Present opportunity is valuable and holds a resale value
Putting the above considerations and conclusions into a real-world 2018 context, focuses the mind on the recent discoveries of security breaches the like of which has been observed at BA. The abuse of any valuable data assets will not necessarily be subject to immediate use – they may sit in the potential attackers’ hands until they are ready for exploitation to their own criminal advantage. However, one thing is for sure here, the dangers of encountering a Long Cast Phishing Campaign are common and active, and no matter the type of user, they must be served with Security Education and Awareness to underpin their own personal Cyber-Security.
John is the Principle at Shadow-Intelligence (Si), partnering with PALISCOPE, BreachAware and iStorage. He is a Visiting Professor at the School of Science and Technology, Nottingham, Trent University (NTU) and holds the appointment of Editor in Chief for the International Journal of Cyber Forensics and Advanced Threat Investigations (CFATI). For the last decade he has delivered training courses in the Middle, and Far East to Commercial, Industrial, the Financial Services Sector, and Military Agencies, including the UAE, US, Pakistan, Saudi Arabia, Malaysia (KL), Singapore, Argentina, and Sao Paulo
He served in the Royal Air Force 22 years’, specialising in Counterintelligence, working with UK Agencies such as GCHQ/CESG, and others in the fields of SIGINT, COMINT and Satellite Communications, holding appointments such as System ITSO for a CIA SCIF.
In the commercials sectors of IT/Cyber he has worked for/with Logica, Bae, T5, GM, Experian, Betfair, Palace of Westminster, House of Lords/Commons, TSol (Treasury Solicitors) and provided Consultancy to the Saudi Arabian MOD, TRA (Telecommunications Authority (Dubai) and the Military Academy of Malaysia (KL) on SOC, CSIRT, Digital Forensics and OSINT. Within the last 5 years he has focused on Geopolitics, with global expertise around the UAE and Russia, Anti-Terrorist Operations (ATO), Cyber-Warfare, Dezinformatsiya (Disinformation) and Maskirovka (Military Deception).
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.