If Scott Morrison emails you, check the header

Cyber criminals know how easily you can be tricked.

By David Braue on Sep 20 2019 03:58 PM

Easily manipulated online personas have blurred the line between reality and confection, James Linton admits – but he’s unrepentant about an email manipulation prank in which he temporarily “became” Donald Trump Jr, Hugh Jackman, several Trump administration officials, Kevin Spacey, and even Harvey Weinstein.

For five months in 2016 and 2017, Linton – basking in the anonymity of a Twitter account called SINON_REBORN – created lookalike email accounts and blind-emailed high-profile individuals in the political, financial, and entertainment industries.

He never expected that his first ruse – writing to conservative identity Ann Coulter while posing as Donald Trump-allied former Sheriff David Clarke – would work so well.

But Coulter responded to Clarke’s “request” to review an article on immigration with a genuineness that told Linton he was onto something.

“I didn’t expect it to be quite so easy, but I just rode my curiosity and didn’t think too much about it,” he told Information Age.

Within weeks, he was juggling 150 email accounts and trying, with some success, to ensnare high-profile targets in all manner of casual interactions.

Posing as Barclays chairman John McFarlane got him an answer from CEO Jes Staley within half an hour, while Linton emulated former chief of staff Reince Priebus to troll Anthony Scaramucci in the days after volatile internecine conflict got Scaramucci fired after just 10 days.

The surprisingly effective campaign kept Linton busy – and eventually got the 39-year-old fired from the Manchester advertising firm where he was working in an “unfulfilling” career.

“I honestly was very ignorant about all things cyber,” he confessed, noting that he “didn’t have a long-term plan with it. But I was on a slightly personal journey of feeling a bit frustrated at the time.”

Hiding the important details

That frustration led Linton – who now works as a threat researcher within the Agari Cyber Intelligence Division (ACID) – to discover the surprisingly easy methods for manipulating the appearance of emails, whose security has largely gone unchanged for many years.

Simplified user interfaces were hiding many of the details that his ‘victims’ might have used to spot the ruse: “designers had been putting the more-technical data towards the background,” he explained, “behind dropdowns or just not there at all.”

“In doing that, I came to the conclusion that besides the name on top of the email, and the content of the message, there really wasn’t any other way to identify who was sending it.”

“If you could match the tone of voice of the written word, you could possibly pass yourself off as someone else. It’s no accident that the majority of fraudulent emails from cybercriminals use the same tactic.”

Deceptive phishing emails have become the leading vector for spreading malware, with targets tricked into opening an email attachment allegedly from a known and trusted contact – whose details have actually been plucked from the victim’s contact list.

Other scams involve a spoofed reply-to address, a spoofed sender address, a spoofed name, or a lookalike domain that seems correct to the recipient but is actually owned by the scammer.
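What "checking the header" looks like for those four tricks, as an added example that is not part of the original article. The contact list, the addresses and the three sample messages are constructed for illustration, and the two-edit threshold for a lookalike domain is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (constructed): contacts the recipient knows, keyed by display name.
KNOWN_SENDERS = {"jane citizen": "jane.citizen@example.com"}
TRUSTED_DOMAINS = {a.rpartition("@")[2] for a in KNOWN_SENDERS.values()}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_headers(raw):
    """Return the impersonation signals found in one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr, dom = addr.lower(), addr.rpartition("@")[2].lower()
    findings = []
    # Replies silently routed to a different domain than the visible sender.
    reply = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply and reply.rpartition("@")[2] != dom:
        findings.append("reply-to-mismatch")
    # A familiar display name on an address that contact does not use.
    known = KNOWN_SENDERS.get(name.strip().lower())
    if known and known != addr:
        findings.append("spoofed-name")
    # Domain within two edits of a trusted one, but not identical.
    if dom not in TRUSTED_DOMAINS and any(edit_distance(dom, t) <= 2 for t in TRUSTED_DOMAINS):
        findings.append("lookalike-domain")
    # Trusted From domain that failed DMARC. Only rely on an
    # Authentication-Results header stamped by your own mail server.
    if dom in TRUSTED_DOMAINS and "dmarc=fail" in msg.get("Authentication-Results", "").lower():
        findings.append("spoofed-sender")
    return findings

# Constructed sample messages (headers plus a one-word body).
LOOKALIKE = 'From: "Jane Citizen" <jane.citizen@examp1e.com>\nSubject: Quick favour\n\nHi'
SPOOFED = ('From: "Jane Citizen" <jane.citizen@example.com>\n'
           'Reply-To: jane.citizen@example.net\n'
           'Authentication-Results: mx.example.org; dmarc=fail header.from=example.com\n\nHi')
GENUINE = ('From: "Jane Citizen" <jane.citizen@example.com>\n'
           'Authentication-Results: mx.example.org; dmarc=pass header.from=example.com\n\nHi')

if __name__ == "__main__":
    for label, raw in (("lookalike", LOOKALIKE), ("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_headers(raw))
```

None of these signals is visible in a mail client that shows only the display name, which is the gap Linton describes.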

Recent scams have emulated organisations – Australia Post and the Australian Taxation Office are perennial favourites – so frequently that a recent Norton survey found 42 per cent of respondents said they had received such scam attempts.

High-profile individuals were particularly vulnerable, with the recent Proofpoint Human Factor Report 2019 warning that cybercriminals were favouring ‘Very Attacked People’ whose email accounts and online identities could be easily located with a Google search.

Businesses not responding well

Recent ACCC figures suggested that scams had already taken over $16m from Australians this year, while a Melbourne woman was this month arrested for a $10m superannuation scam and a British CEO bilked out of more than $350,000 by scammers using an AI-generated spoken voice over the phone.

“We are seeing organisations on a monthly basis share pretty terrible circumstances as to why transactions have been made,” said Dane Meah, CEO of security firm InfoTrust, which sponsored Linton’s recent speaking tour of Australia.

“In a moment of weakness, a well-crafted email is really believable. It’s real panic stations, people are losing their jobs – and it has a real impact on people’s lives and a flow-on impact on those people.”

Linton’s pranking spree caused a few red faces but no harm was done, and he is now working as a speaker and consultant to highlight the ongoing risks of email attacks and human susceptibility – which, Proofpoint noted, is responsible for 99 per cent of successful compromises.

No less than the Australian Signals Directorate is encouraging companies to implement anti-spoofing DMARC technology, but audits have found adoption to be slow.

The whole experience has shown Linton, and those he now speaks with and presents to, how important – and increasingly difficult – it is to be sure about whom you are engaging with online.

“Part of me is wondering what is going to happen,” Linton says. “Is all proof and believability going to be eradicated entirely because we have flipped that on its head – and anything you watch on a screen could hypothetically be created artificially?”

“If you start doing that to leaders of nations, it really does become quite a worrying trend,” he says. “Faith in what you see and read is going to be a huge thing, and I think there will be a battle to retain that integrity.”
