This article is about an ethical hacker that is fighting fire with fire. Florian Lukavsky is working with police using a technique called “whaling” to obtain criminal identities and credentials. These criminals targeted CEOs and financial controllers at large and small corporations with requests to urgently wire funds for overdue invoices. This social engineering scam has resulted in an estimated $2.2 Billion of fraud losses in 14,000 reported cases.
Florian flipped the script and began replying to the criminals with malicious PDF documents that were disguised as transaction confirmations. The malware helped to obtain twitter handles, user names, and identity information that is being used to apprehend the criminals.
I thought this was a great example of an ethical hacker collaborating with authorities to expose these cyber criminals.
http://www.theregister.co.uk/2016/09/06/hacker_hacks_ceo_wire_transfer_scammers_sends_win_10_creds_to_cops/
One thing to keep in mind is that the attackers a frequently not in the country of the victim. So even if you catch them, can be difficult to prosecute. Last year it was Israeli criminals attacking frecnh companies. For some reason the Israelis seemed to be particularly effective against the French.
It seems that “whaling” is the technique the hackers are using, a term for a phishing scam targeting large companies. I think one of the best things to watch is when the script gets flipped in a scammers face. There is actually a collection on YouTube of people wasting phone scammer’s time trying to hack into virtual machines that are clean. It still is very sad how easy it is to impersonate someone via email and to receive millions of dollars that if done right are untraceable.