Anatomy of a Spear-phishing Attack
Posted by: Timothy Weaver on 10/26/2016 02:16 PM
An employee of the Museum of Science, Art, and Human Perception in San Francisco, also known as the Exploratorium, became a victim of a spear-phishing attack when she received an email with an attachment.
The attachment was purportedly a document being shared by the staff. When she opened the attachment she was sent to a login page for Gmail. Without checking the URL of the site, she entered her credentials. The hacker now had access to her account.
The hacker sat on the account for three days, watching and opening her mail. Then he acted. First he directed all of her incoming mail to the trash folder. Then he deleted all of her contacts. And lastly, he sent out other spear-phishing emails to all her colleagues, crafted to mimic her actual emails.
The crafted emails also contained an attachment intended to lure staff members into logging in to their Gmail accounts. It might have worked had the hacker not misspelled Exploratorium.
Staff tried to contact her about the email, but their messages all went into her trash folder. She was only alerted to the scam when an employee came and told her of the emails in person. She went to let everyone know that it was a scam, but found all her contacts had been deleted.
The IT staff took action and had her change her password for Gmail. Unfortunately, some of the staff had already opened the attachment and logged into their Gmail accounts. 54 staff members had opened the email, but it is unknown how many fell for the scam.
An investigation into the scam revealed that the attackers were based in Nigeria and had rented a server in North Dakota, from which they accessed the employee's Gmail account, and another server in Texas, where they hosted the phishing pages.
Source: Softpedia
