Reply All: #97 What Kind Of Idiot Gets Phished?
May 19, 2017 7:47 AM

This week, Phia wonders what kind of person falls for phishing attacks. Is it only insanely gullible luddites, or can smart, tech-savvy people get phished, too? To find out, she conducts an experiment on her poor, unsuspecting coworkers.
posted by dnash (5 comments total)
I really enjoyed this - it's always fun when this crew does these kinds of experiments on each other.

I note though that the phishing attempts were really only successful by being very specifically targeted and impersonating someone people know. And not just, like, email from a friend that's just a link - the guy wrote actual messages with content aimed at seeming more real.
posted by dnash at 7:52 AM on May 19

Great tweets by podcaster and friend-of-every-podcast Linda Holmes:

Every episode of @replyall is called "Something Terrible Is Happening To You Right Now And You Don't Even Realize It."

Motto: "Do you have generalized anxiety? Would you like to? Then check out Reply All, wherever you get podcasts."

I also agree with dnash that this wasn't quite analogous to most phishing attempts because it was so highly targeted. But I think the point was proven.

Also, the way the phisher circumvented the 2-factor auth was pretty eye-opening.
posted by radioamy at 3:10 PM on May 19

I wondered how often that kind of phishing attack occurs in general? I mean obviously for the John Podesta or other big whale situation, I can see the value, but do hackers really do that when trying to get regular randos to give up their email passwords or credit card info?

gimletmedia vs. gimletrnedia doesn't look too convincing in Classic Theme, I must say.
posted by slenderloris at 4:26 PM on May 19
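The look-alike domain mentioned above (gimletrnedia, where "rn" passes for "m" in many fonts) is a check a mail gateway or help desk can automate. The following is an added example, not code from the thread or from Gimlet: it collapses visually confusable character sequences into a canonical "skeleton" and compares the sender's registrable domain against a trusted list, flagging anything that matches after collapsing or sits within one edit of a trusted name. The `.com` suffix, the confusables table, the `example.org` sender and the sample headers are all constructed for the example; the page itself only gives the two bare names.

```python
import email.utils
from typing import List, Optional

# Sequences that render almost identically in common proportional fonts.
# Constructed list for this example; a production check would use the Unicode
# confusables data and tune it to the fonts its users actually see.
CONFUSABLES = {
    "rn": "m",   # the trick in gimletrnedia vs. gimletmedia
    "vv": "w",
    "cl": "d",
    "0": "o",
    "1": "l",
    "3": "e",
    "5": "s",
}


def skeleton(label: str) -> str:
    """Collapse confusable sequences so that look-alikes map to one string.

    skeleton('gimletrnedia') == 'gimletmedia'
    """
    s = label.lower()
    # Two-character sequences first, so 'rn' becomes 'm' before any
    # single-character rule could interfere with it.
    for src in sorted(CONFUSABLES, key=len, reverse=True):
        s = s.replace(src, CONFUSABLES[src])
    return s


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname. Assumption for this example: no
    public-suffix list, so 'example.co.uk' would be reduced to 'co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def lookalike_of(host: str, trusted: List[str], max_distance: int = 1) -> Optional[str]:
    """Return the trusted domain that `host` impersonates, or None.

    A trusted domain and its subdomains are never flagged; anything else is
    compared to the trusted list after confusable collapsing and flagged if
    it matches exactly or is within `max_distance` edits.
    """
    host = host.lower().rstrip(".")
    for t in trusted:
        if host == t or host.endswith("." + t):
            return None
    probe = skeleton(registrable_domain(host))
    for t in trusted:
        if levenshtein(probe, skeleton(t)) <= max_distance:
            return t
    return None


def check_sender(from_header: str, trusted: List[str]) -> Optional[str]:
    """Apply lookalike_of to the domain part of a From: header."""
    _, addr = email.utils.parseaddr(from_header)
    if "@" not in addr:
        return None
    return lookalike_of(addr.rsplit("@", 1)[1], trusted)


if __name__ == "__main__":
    # Constructed sample data: the .com suffix and the sender names are
    # assumptions, not details from the episode.
    trusted = ["gimletmedia.com"]
    for hdr in [
        "Coworker <coworker@gimletmedia.com>",
        "Coworker <coworker@gimletrnedia.com>",
        "Newsletter <news@mail.gimletmedia.com>",
        "Stranger <someone@example.org>",
    ]:
        print(f"{hdr:45} -> {check_sender(hdr, trusted)}")
```

The skeleton comparison is what catches the rn/m swap; the edit-distance fallback covers plain typosquats such as a single dropped or swapped letter. Both sides of the comparison are collapsed with the same table, so a legitimate domain that happens to contain "rn" is handled consistently rather than flagged against itself.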

This targeted phishing is called spearphishing. Sarah Jeong wrote about it in GQ recently and we discussed it here.
posted by maudlin at 9:57 PM on May 19 [1 favorite]

I really enjoyed this. They went far beyond making up for my initial, "really, someone who works full time on a radio show about the internet is surprised that email headers can be forged" reaction by going much deeper with both the look-alike domain and the Google two-factor hack. They more than made up for my disappointment at using a from-address belonging to an internal conspirator with the final attempt. Bravo!

I'm curious exactly how the two-factor thing works, though. Does their security researcher friend also own a Google-alike domain and pull the same trick twice? Or does Gimlet transparently use Google authentication for things that are apparently served from within their own Gimlet internal pages? (As someone very far outside of corporate IT, that sounds very strange, but I guess it could be true.)

Or, do they just rely on the fact that once you've already accepted that a message is from someone you know and clicked on a link to what looks like your own server, a redirect to somewhere else is unlikely to be noticed? I'd like to think that if a link to a file apparently hosted on my workplace's server asked me for Google credentials, I'd be appropriately suspicious. But everyone is dumb some of the time, and it only has to happen once.
posted by eotvos at 10:59 AM on May 24