It’s just a couple of hours after the AP’s Twitter account was hacked, sending markets into a tizzy with a false report of violence at the White House.
These emails are (usually) a ham-handed bit of “social engineering,” containing some text and a link. The trick is, getting people to click on the link.
If you’ve ever been offered free porn in your inbox, you know the drill: some proportion of dopes who receive the email will click on the link, leading them to a site that may try to install malicious software on their computer.
But we already know, through tidbits offered by the AP itself, how it happened.
First, there was a “phishing” email sent to reporters at the AP:
That reporters at the AP received an “impressively disguised” phishing email speaks to the competence and determination of the attackers. It’s not easy for overseas hackers who are not native speakers of the language used by their targets to write completely convincing emails, for example.