14 Aug 2017

Imposter Email Lures White House Staff

Author:

Email Prankster Threatens National Security

Why was the newly minted White House communications director, Scaramucci, fired? We don’t know for sure. But an examination of his emails would have shown that he spent the weekend responding to spear phishing emails purported to be sent from Reince Preibus, former White House chief of staff.

Politicians in Washington struggle to create their own identities and maintain good relationships with colleagues. Meanwhile an email prankster is successfully impersonating members of the executive office and others, and publishing their private responses. This type of prank can weaken relationships in The White House and destroy diplomacy.

One Crazy Weekend

Over the weekend, the famed email prankster @SINON_REBORN tricked White House Communications Director Anthony Scaramucci into responding to a fake email from former White House Chief of Staff Reince Priebus who had just left his job on Friday, July 28th. So, these messages were sent AFTER Priebus resigned and BEFORE Scaramucci was fired.

The email exchange is disturbing because it reveals how much damage one fake email can cause. As you can see from the email exchange (below), Scaramucci had no problem believing the unverified email came from former White House Chief of Staff Reince Priebus. He quickly shot back a vicious response. Source This type spear phishing (aka “Whaling”) is often used to obtain login details, trick people into paying fake invoices or sending funds to imposter bank accounts, steal financial information and sometimes, total identity theft.

Fake Priebus Writes:

“I had promised myself I would leave my hands mud free but after reading your tweet today which stated how; ‘soon we will learn who in the media who has class, and who hasn’t’, has pushed me to this. That tweet was breathtakingly hypocritical, even for you. At no stage have you acted in a way that’s even remotely classy, yet you believe that’s the standard by which everyone should behave towards you? General Kelly will do a fine job. I’ll even admit he will do a better job than me. But the way in which that transition has come about has been diabolical. And hurtful. I don’t expect a reply.”

Real Scaramucci Responds:

“You know what you did. We all do. Even today. But rest assured we were prepared. A Man would apologize.”

Fake Priebus

“I can’t believe you are questioning my ethics! The so called ‘Mooch’, who can’t even manage his first week in the White House without leaving upset in his wake. I have nothing to apologize for.”

Real Scaramucci:

“Read Shakespeare. Particularly Othello. You are right there. My family is fine by the way and will thrive. I know what you did. No more replies from me.”

Tip of the Iceberg

Scaramucci was not on the only victim of the email prankster. Homeland Security Advisor Tom Bossert responded to a fake email from Jared Kushner. Russian Ambassador-designate Jon Huntsman responded to a fake email from Eric Trump. All of these victims failed a basic cybersecurity awareness test. The prankster, @SINON_REBORN did not mask his email account. He sent messages from mail.com. The recipient could have put a cursor above the email sender’s name to see the real email address. Yet, they all failed to take this basic measure. Even Bossert, a homeland security expert, failed the test.

You may have heard of @SINON_REBORN. He was the email prankster who recently sent spear phishing emails to the heads of major banks. He is known for trying to draw attention to the cybersecurity threat without endangering national security. But, of course, he is a huge threat to national security.

Foreign governments reading these email exchanges could be tempted to start a spear phishing campaign of their own. What could they learn about our government by sending an informal email from a friend, colleague or spouse?

Members of the US government — and most other companies that use email for important business — should be utilizing technology like RMail’s Anti-Whaling email imposter protection to alert for this type of spear phishing message that Tech Essentials refers to as “Whaling”.

RMail’s Anti-Whaling™ email imposter detection technology uses advanced algorithms to analyze message characteristics and patterns, alerting the recipient if their reply is likely to be routed to an imposter of this type.

To learn more about RPost Anti-Whaling™ email technology visit: www.rmail.com/anti-whaling.