A THREAD: How I shut down scammers who used a phishing email to steal personal information from a friend
One of my close friends recently let me know they fell victim for a phishing email scam. She got one of these fake @Apple emails sent to her.
There was also a realistic invoice attachment included. pic.twitter.com/P1hHzMoWI6
Basically they claimed she had charges on her account and if she wanted to cancel them, she needed to verify certain information, which she did. Immediately after, she learned this was not @Apple.
After hearing all of the stuff she had to go through to make sure her identity was safe, engineering me went to work.
Step 1: Research
I started by figuring out how I can mess up the data they take in. After she forwarded me the email, I went through the website flow and looked at the network request data while entering fake data. pic.twitter.com/bcNcwTf9xu
Step 2: Mask On
After looking this over. I wrote some code to submit a whole bunch of fake data. I submitted 2000+ data entries periodically throughout the day. The goal was to hopefully help mask the real information from the scammers.
Step 3: The Shutdown
I figured that this phishing scam will need to be put to rest. No one else should experience this. So I wrote so more code for a DOS attack.
A DoS attack, or denial-of-service attack, is when you attempt to prevent users from accessing a service. In this case, the “users” were innocent people on a fake @Apple webpage being scammed of their data.
The code I wrote was simple. It will hit the website nonstop until I manually stopped the script. 😭 pic.twitter.com/80CIlt4cnZ
To add to the fire, I ran this code on over 50+ terminal windows....until pic.twitter.com/cB1SQhxIZM
After about 30-45 mins of hitting the server nonstop, I finally took down the website pic.twitter.com/S2L1GBKl7P
I decided to make sure it didn’t load on different computer just to be safe😉.
It’s been down ever since. pic.twitter.com/ehgDa9CVHP
And just like that, they are out of business..... for now.
Moral of the story. Watch the emails you get, and ask yourself if the information they are asking for makes sense.
Also don’t fuck with people who have friends that know how to code 😛
Shameless Plug: If you are interested in the side project currently I’m working on, check out https://t.co/JPZwWIPL1p
Perze Ababa @perze