Long Cast Phishing


Having encountered several friends and associates who have suffered what seemed to be sustained phishing campaigns, I decided to invest some time and baited responses in a little research experiment to prove or disprove a suspected theory. For me, theories are only proven when they are put to the test, so I set the stage.

All of those I had spoken to had two factors in common. The first was that each of them had, in a very small window of time, received multiple phishing and vishing communications with a hooked bait topic, ranging from offers, locked PayPal accounts and Apple ID updates through to Amazon tracking emails and unexpected files shared through Dropbox. All of these were fake, and sent by spammers within a period of just 5 days. The second was that, without exception, each of my samples had completed an online document, providing the attacker with multiple pieces of information, e.g. telephone number, email address etc.

Below are some examples of the spam messages which were received:

So, to set the research ball rolling, I followed their actions on one of the danger sites which seemed to have initiated a campaign. As if by magic, the same conditions were replicated, and the phishing started to pour in to the email box, to cell phones and by text: exactly the same condition that had been encountered by those who had shared their adverse experiences with me.

Conclusion

My conclusions here are somewhat obvious, born out of my first-hand encounter with what I call Long-Cast Phishing:

  1. Where information is shared with a criminal entity (hacker or otherwise), there is a high probability it will be subject to further abuse.
  2. Where multiple elements of information are exposed to a criminal entity (for example, email address, cell phone etc), expect each one of these elements to be potentially abused in its own channel of communication.
  3. When sensitive contact information is harvested by a criminal entity, such data assets have a value, so one may expect them to be shared on the Darkweb. Personal information, or credit card information which has been supplied with the details required to transact a Card-Not-Present opportunity, is valuable and holds a resale value.

Putting the above considerations and conclusions into a real-world 2018 context focuses the mind on the recent discoveries of security breaches, the like of which has been observed at BA. Valuable data assets will not necessarily be abused immediately; they may sit in the potential attackers’ hands until they are ready to exploit them to their own criminal advantage. However, one thing is for sure here: the dangers of encountering a Long Cast Phishing campaign are common and active, and no matter the type of user, they must be served with Security Education and Awareness to underpin their own personal Cyber-Security.

Professor John Walker
Visiting Professor at the School of Science and Technology at Nottingham Trent University (NTU), Visiting Professor/Lecturer at the University of Slavonia [to 2015], Independent Consultant, Practicing Expert Witness, ENISA CEI Listed Expert, Editorial Member of the Cyber Security Research Institute (CRSI), Fellow of the British Computer Society (BCS), Fellow of the Royal Society of the Arts (RSA), Board Advisor to the Digital Trust, Writer for SC Magazine UK, Originator of DarkWeb Threat Intelligence, CSIRT, Attack Remediation and Cyber Training Service/Platform, Accreditation Assessor and Academic Practitioner and Accredited Advisor to the Chartered Society of Forensic Sciences in the area of Digital/Cyber Forensics.
Twitter: @SBLTD 
John Walker is also our Expert Panel member.  To find out more about our panel members visit the biographies page.
