What is Phishing?
Phishing is a tactic to steal personal information, by tricking you into entering passwords into websites that look legitimate, but are really fake.
Phishing can be used by criminals to steal bank information and for other financial crimes, but it can also be used to spy on someone.
The Citizen Lab has investigated many cases where phishing is used against journalists, activists and humanitarians by groups that are trying to spy on their activities. Like the rest of us, journalists, activists and humanitarians store their lives online. Through their online accounts they communicate, mobilize, and organize political activities. Phishing is a relatively inexpensive way for spies to break into accounts and collect sensitive information.
Tibetan journalists and activists targeted by phishing
The Tibetan community have been persistently targeted by digital spying for over a decade. Recently the community has received phishing emails designed to steal Gmail passwords.
Here’s how it works:
A Tibetan activist receives an email. The email looks like it was sent by a member of the Tibetan community and says it is sharing drafts of logo images that will be published on a Tibetan website.
While the email appeared to include attached files, the files were actually links that go to a website that has been made to look like a Google Drive domain.
Clicking on the link sends the user to what appears to be a Google login page, but is actually a phishing page.
Any usernames or passwords entered into this site are sent to the operators of the phishing page who can then login into the target’s account and steal information.
After the target presses the fake login button, the operators use a clever trick of redirecting the user to a file on the real Google Drive website. The file is the draft image described in the email. Sending the target to this harmless file makes it seem like nothing bad actually happened.
You can protect yourself from phishing like this by being careful about emails and links you receive. Be especially careful with links that take you to what appear to be login pages. You can also protect yourself by enabling 2-step verification on your online accounts. Set up 2-step verification now.
Read more: Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans
Large Scale Phishing Campaign Targeting Civil Society in Egypt
In 2016, activists, lawyers, and journalists in Egypt were targeted by a large scale phishing campaign that involved over 90 phishing emails. Almost all of the identified targets of the campaign are implicated in Case 173, a legal case led by the Egyptian government against non-governmental organizations, which has been referred to as an "unprecedented crackdown" on Egypt’s civil society.
The phishing emails pretended to come from services like Dropbox and Google, and mentioned facts that were relevant to the target to convince them to click a link for more information.
Here’s one example:
In December 2016, Azza Soliman, a high-profile Egyptian lawyer who directs a women’s legal aid center, was arrested at her home. Hours after the arrest, while Soliman was being questioned by police, some of her colleagues received an email that looked like a notification from Dropbox. The email said it was sharing the document of Soliman’s arrest warrant.
While the email looks like it is from Dropbox at first glance, a closer look at the sender email address reveals it is sent from a Gmail account. A careful look at the link that says it is to Dropbox shows that it leads to a domain that is not actually Dropbox.
Clicking on the link leads to a Dropbox credential phishing page that already has the target’s username filled out. All the target has to do is enter the password, and their Dropbox account will be taken over.
You can protect yourself from phishing like this by being careful about emails and links you receive. Be especially careful with links that take you to what appear to be login pages. You can also protect yourself by and by enabling 2-step verification on your online accounts. Set up 2-step verification now.
Nile Phish: Large-Scale Phishing Campaign Targeting Egyptian Civil Society