- An Amnesty International report attributes the recent phishing attacks to the Egyptian authorities.
- The targets were specific: mostly advocates of free speech and defenders of human rights.
- The phishing is carried out through a malicious app that can trick targets into granting it full access to their email accounts.
A recent investigation report by Amnesty International (AI) attributes a wave of phishing attacks that targeted Egyptian citizens to the country’s authorities and, by extension, the government. The human rights organization has tracked similar activity in the past as well, as we reported back in December. Leaving no doubt about the responsibility of the Egyptian authorities, the report states: “AI is deeply concerned that these phishing attacks represent yet another attempt by the authorities to stifle Egyptian civil society and calls on the Egyptian authorities to end these attacks on human rights defenders, and the crackdown on civil society, including by dropping the foreign funding case and repealing the NGO law.”
This most recent wave started in January 2019 and is still ongoing to some extent. According to the report, an estimated several hundred individuals have been targeted through OAuth phishing, with the number of attacks spiking around the time of key events in the country, such as the “Uprising Anniversary” on the 25th of January and the French President’s visit to Cairo four days later. All of the detected attacks follow the same pattern, and in several of them Google warned targets that the attack came from the Egyptian government.
The phishing email poses as a “Critical Security Alert” coming from Google and concerning the safety of the recipient's account. The email urges the account holder to update their Google Account information, and if the target clicks the relevant button in the message, they are directed to a fake “Secure Mail” prompt.
The phishing app asks for complete access to the victim's email account, and if the target grants it, they hand over access to their emails. To keep victims from noticing that something was “phishy” about that last step, the app redirects them to the real Google account settings page once they click the “Allow” button.
Gmail is not the only platform targeted, however; similar methods are used against Yahoo, Outlook, and even Hotmail users. Activists, human rights defenders, journalists, and advocates of positions that go against the Egyptian government should review their third-party authorization settings, as well as their account activity information page. Emails that come from the following email addresses are phishing messages:
If you have been contacted by one of the above addresses, or you suspect that you have been the victim of a government-backed phishing attempt, you should reach out to “firstname.lastname@example.org” with the details.
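For organizations that manage accounts for at-risk staff, the review of third-party authorizations recommended above can be scripted. The following is an added example, not code from the Amnesty report: it flags grants that hold mailbox-wide scopes, assuming the grants were exported with the field names of Google's Admin SDK Directory API token records (`clientId`, `displayText`, `scopes`, `userKey`). The sample records, client IDs, lure-word list and allowlist are constructed for illustration.

```python
import json

# Scopes that expose a whole mailbox (real Google / Microsoft Graph scope
# names; the list is not exhaustive).
MAILBOX_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.modify",
    "Mail.Read",
    "Mail.ReadWrite",
}
# Assumption: words that make an app name resemble provider security tooling,
# like the fake "Secure Mail" prompt described in the article.
LURE_WORDS = ("secure", "security", "alert", "verify")

def audit_grants(grants, trusted_client_ids=frozenset()):
    """Return grants that hold mailbox scopes and are not allowlisted."""
    findings = []
    for grant in grants:
        mail = sorted(set(grant.get("scopes", [])) & MAILBOX_SCOPES)
        if not mail or grant.get("clientId") in trusted_client_ids:
            continue
        reasons = ["mailbox scope: " + ", ".join(mail)]
        name = grant.get("displayText", "")
        if any(word in name.lower() for word in LURE_WORDS):
            reasons.append("security-themed app name")
        findings.append({"user": grant.get("userKey"), "app": name,
                         "clientId": grant.get("clientId"), "reasons": reasons})
    # Most reasons first, so the likeliest phishing grants head the list.
    return sorted(findings, key=lambda f: -len(f["reasons"]))

# Constructed sample export; non-Google records are assumed to have been
# normalised to the same field names.
SAMPLE = json.loads("""[
 {"userKey": "u1", "clientId": "111.apps.example", "displayText": "Secure Mail",
  "scopes": ["https://mail.google.com/", "openid"]},
 {"userKey": "u1", "clientId": "222.apps.example", "displayText": "Calendar Sync",
  "scopes": ["https://www.googleapis.com/auth/calendar"]},
 {"userKey": "u2", "clientId": "333.apps.example", "displayText": "Desktop Mail Client",
  "scopes": ["https://mail.google.com/"]},
 {"userKey": "u3", "clientId": "444.apps.example", "displayText": "Notes",
  "scopes": ["Mail.Read", "offline_access"]}
]""")
TRUSTED = {"333.apps.example"}  # hypothetical allowlist of vetted mail clients

if __name__ == "__main__":
    for finding in audit_grants(SAMPLE, TRUSTED):
        print(finding["user"], finding["app"], "->", "; ".join(finding["reasons"]))
```

Any grant the audit reports should be revoked from the account's third-party access page unless the user can confirm they installed the app themselves.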