How'd they pull this off?

I was at the bar tonight and talked to someone about my involvement in cybersecurity, and all the top level stuff a new person would be willing to talk about. (I'm a 2nd year web developer in a cybersecurity company, but also do packet/wifi/rf hacking in my freetime and have gone to defcon a few times now) They mentioned that last year they had received a phishing text posing as the Illinois secretary of state only a day or so after submitting their Drivers license renewal form online. The phishing campaign itself is already well known, as reported here ( https://abc7chicago.com/phishing-illinois-secretary-of-state-ides-social-security-number/10840281/ )

The campaign itself isn't surprising, it's another phishing attack. My question is, how did they manage to find and target these people. Most of them received the messages after having recently been on the Illinois secretary of state website. What would the attackers have likely compromised to be able to find these targets?

submitted by /u/00101100BendertheRob
[link] [comments]

from hacking: security in practice https://ift.tt/dp4B2Sm

Comments