My encounter with a successful social engineering attack

11/8/2018 9:41 AM - I was getting ready for the office when I received a call from one of our relatives. He was telling me about a hacking attempt on his email address, due to which he had been unable to receive any mail since yesterday, and an email had been sent to all his contacts saying that he was in a life-threatening situation in another country and needed money immediately. As a precaution he had changed his password, but the issue wasn't resolved. He was worried that his company's email and sensitive information were lost. He asked if I could help him out since I was working in IT. I felt this was an opportunity for me to see a hacking attempt first hand and wanted to spend some time investigating it, so I asked him to share his mail details (which is highly not recommended, but in the situation I couldn't help it) and told him I was heading to the office and would have information by evening.


The excitement to see what had happened got the better of me, so I stayed back at home and logged into his email account for the first time in a browser. Everything seemed normal in the mail account and I didn't know where to start. The first thing I did was to check whether any other devices were connected to the same email account. I found a few: a couple of Chrome browsers (including mine, the current session), a Moto G5S mobile device, and a few others. First I signed out from all the devices except mine. Next I looked at 'Recent Activity' to see if any password change had taken place in the last few days. I could see the password being changed 2 times, once on November 7th 2018 at 2:01PM and again on the same day at 11:47PM. I thought the first change was from the hacker and the one at 11:47 was by my relative, but I later came to know that both password changes were done by my relative. This made the problem interesting! No account change had happened, but no email was being received.

So I started with this: no email received. I went to my other mailbox and started sending emails to the victim's mailbox. Everything worked fine; I didn't receive any bounce-back or auto-reply or anything, but still the mail was not delivered to the user. I searched all the folders, thinking this could be due to a rule filter issue or something, but no folder had the email. Lastly I navigated to 'Deleted Items', and there it was. All the emails sent to this email address were automatically getting delivered to 'Deleted Items'. Now I knew the problem, so for the interim I called my relative and asked him to check the deleted items for the time being while I worked on the solution.

My first step, as for anyone who knows computers: Google. So I started googling multiple query strings, 'Emails aren't received in Yahoo Mail', 'How do you fix Yahoo Mail that is not receiving email? Understanding secure sockets layer' etc. I got a lot of results and started going through one result at a time, and finally I stumbled upon one Quora result - https://www.quora.com/How-do-you-fix-Yahoo-Mail-that-is-not-receiving-email - which had a question exactly like the one I was facing:

Your messages are filtered to the Trash or Spam folder
This used to be a very common tactic, and though it has seemed to wane somewhat in recent years, it is still very common.
Filters can be set in your Yahoo Mail account that will direct incoming emails into specific folders. You can set messages from your annoying ex to automatically arrive in the Trash folder, for instance.
For help understanding how to check your filters, but how you can use them yourself to manage your Inbox, please check out Filters in Yahoo Mail.

I thought I had an answer to my problem, so I went to Yahoo on the web and started looking for filters. To my horror, there were no filters with the above-said rule. To verify, I created another filter to move all incoming messages into 'Inbox'. The rule didn't work; I was still receiving emails in 'Deleted Items'. Then I thought it could be due to a device sync issue, so I decided to try the same with the Yahoo mobile app. I installed the Yahoo Mail app, logged in with the victim's email address and searched for Filters. At first I couldn't see anything, the list was empty, but on careful observation I found that the first line had a small dot, so I tapped on it, and here was the rule, which said that every email received should be sent to 'Deleted Items'. I immediately deleted that filter and retried sending emails from a different account; this time they were received in 'Inbox'. Relieved, I called my relative to tell him everything was working fine now.

I realized that not all social engineering attacks are targeted at obvious places like changing passwords, which in this case is tough and easily detectable. A simple rule change through social engineering is enough to scare people.
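The manual hunt above can be turned into a repeatable check. The following is an added example, not part of the original post: it audits a list of mail filters for the two traits described here, a rule that sends everything to a hidden folder and a rule name that renders as blank or a lone dot. The rule schema (`name`, `conditions`, `move_to`) and the sample data are constructed assumptions, not a Yahoo Mail export format.

```python
import unicodedata

# Folder labels treated as "out of sight" destinations (assumed names).
HIDING_FOLDERS = {"trash", "deleted items", "spam"}
# Condition values that match practically every message (assumed list).
MATCH_ALL_VALUES = {"", "*", "@", "."}


def name_is_obscured(name):
    """True if the name renders as blank or as a single punctuation mark/symbol."""
    visible = [c for c in name if unicodedata.category(c)[0] not in ("Z", "C")]
    if not visible:
        return True
    return len(visible) == 1 and unicodedata.category(visible[0])[0] in ("P", "S")


def is_catch_all(conditions):
    """True if the rule has no conditions, or only match-everything ones."""
    return all(
        c.get("op") == "contains" and c.get("value", "").strip() in MATCH_ALL_VALUES
        for c in conditions
    )


def audit_rules(rules):
    """Return one finding per suspicious rule, with its 1-based list position."""
    findings = []
    for position, rule in enumerate(rules, start=1):
        reasons = []
        dest = rule.get("move_to", "").strip().lower()
        if is_catch_all(rule.get("conditions", [])) and dest in HIDING_FOLDERS:
            reasons.append("moves all incoming mail to " + rule["move_to"])
        if name_is_obscured(rule.get("name", "")):
            reasons.append("name is blank or a lone symbol")
        if reasons:
            findings.append({"position": position, "name": rule.get("name", ""),
                             "reasons": reasons})
    return findings


# Constructed sample: the first rule mimics the hidden filter in the story.
SAMPLE_RULES = [
    {"name": ".", "move_to": "Deleted Items",
     "conditions": [{"field": "from", "op": "contains", "value": "@"}]},
    {"name": "Newsletters", "move_to": "Trash",
     "conditions": [{"field": "from", "op": "contains", "value": "news@example.com"}]},
    {"name": "All to Inbox", "move_to": "Inbox", "conditions": []},
]

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print(finding["position"], repr(finding["name"]), "; ".join(finding["reasons"]))
```

Reporting the list position matters because a rule near the top of the list, like the one found here, may take effect before any rule added later to counter it.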
