Research by Amnesty Tech found that new phishing scams are being used to target the email addresses of activists, to determine their location, passwords and secret work
Attackers who use phishing scams to target human rights defenders in the Middle East and North Africa (MENA) are developing increasingly sophisticated techniques to infiltrate their accounts and bypass digital security tools, according to new research published by Amnesty Tech.
What is phishing?
Credentials phishing (or “Password-Stealing Phishing”) consists in the creation of a website that imitates the login prompt of a given online service, such as Gmail or Facebook, with the objective of luring a victim into visiting the malicious page and entering their username and passwords, thereby transmitting these credentials to the attackers.
Amnesty Tech highlighted three key tactics that attackers are employing to trick people who take extra steps to secure their accounts online.
These include asking users to reset the password on their Google accounts; tricking them into authorising apps which purport to “secure” their Outlook accounts; and abusing legitimate authentication process apps to infiltrate accounts.
Claudio Guarnieri, Senior Technologist at Amnesty Tech, said:
“Human rights defenders across MENA need to be on high alert. Even as they get better at using digital tools to secure their accounts, attackers are developing sophisticated new ways to get past these tools.
many activists risk arbitrary arrest, detention, or torture and other ill-treatment
“Phishing scams can have disastrous consequences for human rights defenders and journalists in the MENA region. The stakes are very high – many activists risk arbitrary arrest, detention, or torture and other ill-treatment if their online accounts are compromised.”
Amnesty Tech has published a full briefing detailing the new wave of attacks, including screenshots and detailed guidelines on what to look out for.
In July, several human rights defenders in the MENA region received new malicious emails that they shared with Amnesty. They revealed a renewed campaign of targeted phishing which Amnesty believes to be orchestrated by the same attackers – or by a closely related group – to that documented by Amnesty Tech in December last year.
The sophisticated nature of these attacks means that even good defences against phishing such as two-factor authentication are not enough to fully protect human rights defenders.