Cybersecurity awareness often focuses on keeping your antenna up for threats. Sometimes it's a reminder to Be On The Look Out (BOLO) for a specific threat. In a recent Washington Post article, Tim Starks outlines what he calls the “long con,” a highly targeted phishing attempt that doesn’t follow the traditional phishing approach.
According to Starks:
“In recent years, these phishing attempts have become more sophisticated. Sometimes they don’t even include links or attachments. Instead, the hackers build rapport with experts…”
The long con uses impersonation and repeated contact over time to develop relationships with the target. Eventually, the bad actor may send an email with a malicious link or attachment with malware. By the time that email arrives, the target’s guard is down and they are more likely to click or download without much thought.
Or they might never attempt to steal credentials or drop malicious code on a computer. They may be engaged in espionage of other sorts, such as developing information sources used for other intelligence purposes or attempting to influence the recipient of the emails toward specific policy ideas sympathetic to a country or other stakeholders.
Why is understanding the long con important to people in the political sector? Because if you work for a campaign or political organization, you are at a higher risk and could be targeted because of your affiliation.
Another reason to be on high alert is that most phishing prevention has been based on training computer users to defend against individual phishing attempts arriving through email, texts, or social posts. Spam and anti-phishing programs that protect most inboxes and text messages are good at blocking or alerting users to the vast majority of phishing attempts. And most of us are pretty savvy now and can avoid the more obvious phishing attempts.
However, these targeted attempts could easily make their way to us. In the case of the long con, you need to be alert to impersonation attempts and efforts to create more lasting relationships. They could also start as outreach via other networks such as LinkedIn, or via an email from someone claiming to have attended the same event as you in an effort to spark a connection.
In addition to an upcoming presidential election, 11 gubernatorial races, 86 state legislative chambers, 33 Senate seats and the entire US House will be on the ballot in 2024. In cybersecurity terms, this is a huge attack surface, and bad actors have many entry points.
So BOLO for the long con and other attempts to compromise you and your accounts.