For a renowned journalist, an invitation to speak at a French institution should not be a source of alarm. And it wasn’t for Alaa, until it led to a hacking attack that compromised his email.
Hacking and exploitation through online social interactions is not a new phenomenon. The term ‘social engineering’ can be traced back to 1894, when Dutch industrialist J.C. Van Marken highlighted the importance of specialists who were familiar with both human and technical matters. Just like an engineer would fix machinery, a “social engineer” would improve human affairs.
But the term took a darker turn in the digital age. Today, social engineering means social manipulation. It is a tactic used by hackers to gain their targets’ trust and obtain sensitive information (such as passwords, credit card numbers, or even remote access). All social engineering attacks start with one thing: gathering information about the target.
The hacker’s strategy
In Alaa’s case (an alias adopted for privacy reasons), the hacker pretended to be an important public figure at a renowned French institution. Throughout their email correspondence, “Mr. French” extended an invitation to Alaa to give an expert talk at a university in the UAE.
Next, the hacker sent Alaa a “contract” that looked like a Google Drive link. It was the malicious link that would lead to the hack. The hacker was trying to access his Gmail account.
When Alaa clicked the link, it led him to a page seeking his Gmail username and password. He unwittingly entered his credentials only to realize that he had just been hacked.
This is a type of social engineering tactic called a “phishing link attack.” The hacker manipulates the target to click on a malicious link that either gains access to a system or asks for security credentials. Alaa unknowingly entered his credentials, thinking he was going to read a contract to work with a known public figure affiliated with a reputable university. Instead, the hacker gained unauthorized access to his Gmail account, leading to suspicious activities and unauthorized modifications on his Google Drive.
Alaa reached out to SMEX to investigate the cyberattack carried out against him. Our Forensic Analysis team found out that the perpetrators were a group called “Charming Kitten,” a cyberespionage unit run by the Iranian government and affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC).
This group has previously targeted journalists, academics, and organizations in the WANA region. Two Human Rights Watch staff members have also been targeted by this group. SMEX concluded that the attack was by Charming Kitten based on the type of malware they have used in past cyberattacks of the same nature.
How to avoid phishing links
For a social engineering attack to work, the hacker needs to be extremely smart, patient, and adaptable. Very few hackers prepare a script in advance or know how the victim would react. The attacker is only armed with the intelligence gathered in the beginning.
There are ways to keep yourself from falling for a social engineering attack:
- Double-check the source of any suspicious calls, texts, or emails. Look up the entity or person’s name online to verify who they are.
- Do not open any email attachments from a person or entity you don’t trust, and delete emails that ask for personal and sensitive information.
- Do not open any emails that promise prizes or that tell you that you have won something.
- Only download software from approved sources.
- If an urgent request for help seems suspicious, odds are that it will be malicious.
- Having antivirus software helps with protecting your data.
- Contact the IT department about anything you find suspicious.
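One way to double-check where a link like the “Google Drive” contract in Alaa’s case really points before typing a password into the page it opens. This is an added example, not part of the original article or SMEX’s tooling; the function name `vet_link`, the trusted-suffix list, and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains on which a genuine Google sign-in or Drive page is served.
TRUSTED_SUFFIXES = ("google.com",)

def vet_link(url):
    """Return (verdict, reason) for a link that claims to be a Google page."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        decoy = parts.username
    except ValueError:
        return ("suspicious", "malformed URL")
    if parts.scheme != "https":
        return ("suspicious", "not an https link")
    if not host:
        return ("suspicious", "no hostname")
    if decoy is not None:
        # In https://drive.google.com@other.host/ the text before '@' is
        # login info, not the site; the browser connects to other.host.
        return ("suspicious", f"text before '@' is a decoy, real host is {host}")
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return ("suspicious", "internationalized name can imitate Latin letters")
    for suffix in TRUSTED_SUFFIXES:
        if host == suffix or host.endswith("." + suffix):
            return ("trusted", f"{host} belongs to {suffix}")
    for suffix in TRUSTED_SUFFIXES:
        brand = suffix.split(".")[0]
        if brand in host:
            # The brand name appears, but the registered domain is someone else's.
            return ("suspicious", f"'{brand}' appears in {host}, which is not {suffix}")
    return ("unknown", f"{host} is not a Google host")

if __name__ == "__main__":
    # Constructed sample links (reserved example domains, not real indicators).
    samples = [
        "https://drive.google.com/file/d/abc/view",
        "https://drive.google.com@files.example.net/contract",
        "https://drive.google.com.example.org/contract",
        "https://xn--ggle-0nda.example/signin",
        "http://drive.google.com/contract",
    ]
    for link in samples:
        verdict, reason = vet_link(link)
        print(f"{verdict:10} {link}  ({reason})")
```

A “trusted” verdict only says the hostname is Google’s; it does not vouch for the file or page behind the link.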
Aside from prevention measures, there are certain social dynamics to look out for in case you are actively being targeted. Watch out for people being too eager to get you to click on a link, as well as trying to find out a lot of personal information about you over a period of time. Charming Kitten, the group that hacked Alaa’s email, is known to engage in idle conversation for several weeks before implementing their cyberattack.
If you receive an enticing offer that seems too good to be true, practice due diligence by treating it like suspicious activity. The alternative can be devastating, so the extra care is worth the trouble.
Social engineering attacks rely primarily on manipulation. This is why it can be very easy to fall for them. Being aware that these attacks exist and practicing prevention measures protects not only you but also everyone else in your personal and professional lives.
If you find yourself the target of a cyberattack of this nature, you can send an email to the SMEX Safety Helpdesk at helpdesk@smex.org or send us a message on Signal or WhatsApp at +961 81 633 133.