Enlarge / A phishing e-mail aimed at worker rights activists in Qatar and Nepal crafted to fool targets into giving up their credentials. (credit: Amnesty International)
Over the course of the last year, a number of human rights organizations, labor unions, and journalists were targeted in a “phishing” campaign that attempted to steal the Google credentials of targets by luring them into viewing documents online. The campaign, uncovered by Amnesty International, is interesting largely because of the extent to which whoever was behind the attack used social media to create a complete persona behind the messages—a fictional rights activist named Safeena Malik.
Malik translates from Arabic as “King,” so Amnesty International refers to the spear-phishing campaign in a report posted to Medium today as “Operation Kingphish.”
The party or parties behind the operation created Facebook, Google, LinkedIn, and Twitter profiles for “Safeena Malik” using a young woman’s photos, which were apparently harvested from another social media account. “It appears that the attackers may have impersonated the identity of a real young woman and stole her pictures to construct the fake profile,” wrote Nex, a security researcher working with Amnesty International, “along with a professional biography also stolen from yet another person.”