Highlights and Updates

How Did the Syrian Electronic Army Hack Forbes?

Saturday, 15th March 2014
The SEA hackers ultimately managed to hack Forbes because they had a senior executive's username and password.
This is how they got them:

  • She received an email that seemed to have been sent by a reporter at Vice Media, asking her to comment on a Reuters story. The email contained a link to the story.

  • When the senior executive clicked on the link, the webpage that opened prompted her for her webmail credentials (username and password). Thinking her access to the page had timed out, she went ahead and entered them.

  • This email was in fact sent by the hackers, and her password was sent to them. Using her password, they hacked into the Forbes website and the Forbes servers, and the rest is history.

WHAT IS THE LESSON IN THIS?
This is typically how most email scams that try to get your login credentials work. It is exactly how the latest Google Docs Scam works.
You receive an email with a link in it. You click on the link and it sends you to a (seemingly legitimate) page that asks you to enter your password to log in. You enter your username and password, and they are then sent to the hackers.

Be wary of this: always double-check the sender of the email, and NEVER ENTER YOUR LOGIN DETAILS WHEN SENT THERE BY A LINK IN AN EMAIL.
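
The same rule can be applied mechanically by a mail filter or by someone reviewing a reported message. The following is an added example, not part of the original post: it pulls the sender and every link out of a message and lists the links whose host is not exactly the organisation's real login host. The host name webmail.example.com, the function names and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only host where this organisation's real webmail login lives.
TRUSTED_LOGIN_HOSTS = {"webmail.example.com"}

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_trusted_login_url(url, trusted=TRUSTED_LOGIN_HOSTS):
    """True only for an https URL whose exact host is a known login host."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL: treat as untrusted
        return False
    host = (parts.hostname or "").rstrip(".")
    return parts.scheme == "https" and host in trusted

def review_email(raw, trusted=TRUSTED_LOGIN_HOSTS):
    """Return (sender address, links where credentials must not be entered)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    return sender, [u for u in collector.hrefs if not is_trusted_login_url(u, trusted)]

# Constructed sample message, not taken from the incident.
SAMPLE = (
    "From: Reporter <reporter@news.example>\n"
    "Subject: Request for comment\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<a href="https://webmail.example.com.story.test/login">Read the story</a>\n'
    '<a href="https://webmail.example.com@story.test/">Mirror</a>\n'
    '<a href="https://webmail.example.com/login">Webmail</a>\n'
)

if __name__ == "__main__":
    print(review_email(SAMPLE))
```

The comparison is made on the parsed host name, so a link that merely contains the trusted name somewhere in its text is still listed as untrusted.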