Mona Eltahawy, an American-Egyptian writer and an advocate for human rights, has become a target of cyberspies, who tried to steal her password by sending her a booby-trapped email. They were using the same phishing technique that was used to compromise over half a dozen Egyptian human rights organisations.
Matching clues, such as the same credential-harvesting website and an identical email address, seem to suggest that the same attacker was involved. Eltahawy, who happens to be a fierce critic of Egypt’s regime, felt violated, but not surprised.
We are still waiting for Cairo officials to speak publicly on the issue of the phishing emails that were sent to civil society figures in recent months.
On December 7th, Azza Soliman, a women’s rights attorney, was arrested. When Eltahawy received an email that supposedly contained an important document about her, she immediately opened it. She explained that she was emotionally involved in what had happened, which prompted her to click the link.
The following day, Eltahawy received additional suspicious emails, and there was strange activity on her account. By that time, she had already recognised that something was not quite right. Through WhatsApp, she notified her partner that someone had logged onto her computer from another neighbourhood in Cairo.
Her example is a clear demonstration of the power of phishing. Eltahawy’s hackers even managed to bypass an additional security measure known as two-factor authentication by sending out a second round of malicious messages. She paid them a grudging compliment.