Motherboard reports on hilariously insistent efforts made by mystery correspondents to trick people into thinking they are news reporters.
The campaign uses sophisticated techniques to get around the extra protection provided by Gmail’s two-factor authentication, which requires a password and a token to log in, as detailed in a new report published on Thursday by Citizen Lab, a research group at the University of Toronto’s Munk School of Global Affairs. While the report doesn’t conclusively point fingers, victims and experts alike think the campaign was likely led by hackers with direct links to the Iranian government or the Iranian Revolutionary Guard Corps (IRGC).
The sheer persistence of the “hacker” raised a red flag for one recipient, who got a phone call asking them if they’d received an email: “That’s when I started to get suspicious—no journalist is THAT demanding,” she said.
This behavior actually makes me think it was a PR person!
The “journalist” then sent the same email, but this time using a Gmail account. The first email was made to look like it was from a Reuters account. There were still no questions in the body, and, once again, it included the phishing link.
“And that’s when I knew something weird was going on,” York said, adding that she started “trolling him” by saying she wasn’t going to be able to open the attachment because that’s bad security practice.
At that point, the alleged journalist “got angry” and frustrated, even demanding, “This is from my personal address! Just open it!”
“It was sort of pathetic at that point,” York said, and she stopped answering the phone.
Seriously, $1 says this is just a PR person.