In recent weeks, news broke of another major phishing scam involving an unknown threat group targeting senior Australian diplomats in an identity theft scheme. The plan was to impersonate the diplomats on encrypted messaging services Telegram and WhatsApp, with the intent of collecting information from their contact books, as reported by The Sydney Morning Herald.
The scam involved impersonating the individuals by using their names and phone numbers. In some instances, it involved the perpetrators creating accounts in the victims’ names and falsely representing them in communications between people in their contact books. No mobile devices were compromised, and files and data were not the target — only the victims’ contact lists.
It’s typical of a ‘soft’ style of attack, which may not necessarily trigger alerts in anti-malware software. This was a social engineering attack, targeting the behaviour of the diplomats: exploiting the occasional lapses in daily habits that would otherwise let them recognise suspicious activity on their messaging devices and while texting.
Given the significance of the incident (it is indicative of reconnaissance with the intent to deceive, manipulate and influence decision-making, and to affect operational security), the covert nature of the hack, and the value of the contact books, it is clear that the perpetrators’ mission was partially successful. We simply do not know the extent or nature of the information that was stolen prior to detection.
Learning to recognise the early signs of a phishing scam
Phishing scams and other forms of social engineering attacks are on the increase, and likely to stay that way for the foreseeable future. For that reason alone, it’s imperative to learn how to recognise the signs of such attacks to protect yourself and your organisation.
The first stage of a phishing scam is typically the reconnaissance phase, in which information about the victim and their associations is collected. This in turn can identify a weak point through which sensitive communications between high-value targets can be compromised, with identity theft and deception as the modus operandi.
Recognising that reconnaissance is happening can save you and your organisation from suffering enormous damage.
The only way to do that is through vigilance and awareness, through daily cyber hygiene practice. This means self-examination of your electronic profile and how that presents to attackers. Understand how many points of entry you have exposed — including social media, mobile devices, messenger applications and your discussions in open social environments, all of which present an opportunity and vector for targeted intrusions.
Checklist: maintain your safety online
- Attempt to understand, from the cyber criminal’s perspective, what is of value.
  - What would motivate them if they had the opportunity to target you?
  - What would they gain, maintain or take advantage of in your operating environment?
  - What is the relevance of your position in their area of interest?
- Examine your daily cyber safety practices and keep to a strict routine.
  - Physically and technically scan your attack surface and points of entry for vulnerabilities.
  - Can you reduce your attack surface (make yourself a smaller target)?
- Examine your profile on web pages, forums and social media sites.
  - Do you need to reveal so much of your personal information and intentions?
  - Do people need to know anything not relevant to your job? What are the implications of your political views expressed online?
- Learn what to be suspicious about.
  - Take note of any indications of compromise and monitor for alerts, updates, suspicious activity and behaviour on your email systems and social media platforms.
  - You will then be able to provide information relevant to the malicious activity to the appropriate law enforcement authorities and to your digital service suppliers’ security incident response teams.
And remember, ensure you keep periodic backups of all of your data and contact lists. Often a complete wipe of your device is the best way to eliminate the residue of cyber attackers and their malicious tools. In persistent scenarios, the entire device may have to be replaced.