The government of Egypt used third-party Gmail applications to phish activists

Egypt phishing

The government in Cairo has targeted the staff of local human rights defenders, media and civil society organizations. Amnesty International says that the Egyptian authorities are behind a recent wave of spear-phishing attacks aimed at the staff of prominent local human rights defenders, media and civil society organizations.

The attacks used a relatively new spear-phishing technique called “OAuth phishing,” according to Amnesty's experts. In OAuth phishing, the attackers aim to steal an OAuth token for the user's account rather than the account password. When a user grants a third-party app access to their account, the app receives an OAuth token instead of the user's password. That token remains valid as authorization until the user revokes the app's access.

Amnesty investigators said the authorities created third-party Gmail apps through which they gained access to victims' accounts in the recent spear-phishing campaign targeting Egyptian activists. Victims would receive an email that looked like a legitimate security warning from Gmail… If the victim clicked the link, they were redirected to a website where a third-party app requested access to their account.

[Image: phishing-page-1, credit Amnesty International]

Once the victim has granted the app access to their Gmail account, they are redirected to the legitimate security settings page and left to change their password. Even if the victim changes the password, the phishers still have access to the account through the newly obtained OAuth token, which a password change does not invalidate.
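To make the mechanism concrete, the following is an added example (not code from the article, from Amnesty International, or from any mail provider). It models a toy account and authorization server in which a consenting user hands a third-party app a bearer token; with `revoke_on_password_change=False` the server behaves as the article describes, and the token keeps working after the victim resets the password. The same class with the flag set shows the mitigation: revoking outstanding app grants on password change, plus a `list_grants` review that shows which apps still hold access. All names (`activist`, `mail-backup-helper`, the `mail.read` scope) are constructed placeholders, and the server is an assumption for illustration, not any provider's real implementation.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class Grant:
    """One third-party app authorization (an OAuth-style access grant)."""
    token: str
    user: str
    app: str
    scopes: frozenset
    issued_at: float
    revoked: bool = False


class AuthServer:
    """Toy account + authorization server, constructed for this example.

    revoke_on_password_change=False models the behaviour the article
    describes: a password change leaves existing app tokens valid.
    """

    def __init__(self, revoke_on_password_change: bool):
        self.revoke_on_password_change = revoke_on_password_change
        self._passwords = {}   # user -> (salt, pbkdf2 hash)
        self._grants = {}      # token -> Grant

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._passwords[user] = (salt, self._hash(password, salt))

    def login(self, user: str, password: str) -> bool:
        if user not in self._passwords:
            return False
        salt, stored = self._passwords[user]
        return hmac.compare_digest(stored, self._hash(password, salt))

    def authorize_app(self, user: str, app: str, scopes) -> str:
        """Called when the user clicks 'Allow' on the consent screen.
        The app receives a bearer token, never the user's password."""
        token = secrets.token_urlsafe(32)
        self._grants[token] = Grant(token, user, app, frozenset(scopes), time.time())
        return token

    def access(self, token: str, scope: str) -> bool:
        """Resource-server check: is the token live and does it carry the scope?"""
        g = self._grants.get(token)
        return g is not None and not g.revoked and scope in g.scopes

    def list_grants(self, user: str):
        """The review a user or admin should do: which apps still hold access?"""
        return [g for g in self._grants.values() if g.user == user and not g.revoked]

    def revoke(self, user: str, token: str) -> bool:
        g = self._grants.get(token)
        if g is None or g.user != user:
            return False
        g.revoked = True
        return True

    def change_password(self, user: str, old: str, new: str) -> bool:
        if not self.login(user, old):
            return False
        salt = secrets.token_bytes(16)
        self._passwords[user] = (salt, self._hash(new, salt))
        if self.revoke_on_password_change:
            # Mitigation: a credential reset also invalidates delegated access.
            for g in self.list_grants(user):
                g.revoked = True
        return True


def token_survives_password_change(revoke_on_password_change: bool) -> bool:
    """Replays the article's scenario against the toy server and reports
    whether the app's token still reads mail after the password reset."""
    server = AuthServer(revoke_on_password_change)
    server.register("activist", "correct horse battery staple")
    # The victim is tricked into consenting to an attacker-controlled app
    # (app name and scope are constructed placeholders).
    token = server.authorize_app("activist", "mail-backup-helper", ["mail.read"])
    assert server.access(token, "mail.read")
    # The victim is then sent to the real settings page and changes the password.
    server.change_password("activist", "correct horse battery staple", "new-passphrase-42")
    return server.access(token, "mail.read")


if __name__ == "__main__":
    print("token valid after reset, no revocation:", token_survives_password_change(False))
    print("token valid after reset, revocation on: ", token_survives_password_change(True))
```

The defender's takeaway is in `change_password` and `list_grants`: the password is not the only credential for the account, so an incident response to a suspected OAuth phish has to include reviewing and revoking third-party app grants, not just rotating the password.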

[Image: phishing-page-2, credit Amnesty International]

This spear-phishing campaign was not limited to Gmail: according to Amnesty International's report, the attackers also targeted users of Yahoo, Outlook and Hotmail. Moreover, Amnesty experts said that the list of victims targeted by this recent OAuth phishing campaign “was significantly overlapping” with that of another spear-phishing operation in 2017, also linked to the Egyptian authorities.

[Image: phishing-page-3, credit Amnesty International]

The spear-phishing campaign comes as no surprise. The Egyptian government has cracked down on civil liberties advocates, NGOs and journalists over the past two years.

Recently, Egyptian authorities passed a repressive NGO law, launched criminal investigations into foreign-funded NGOs, banned travel for at least 30 human rights NGO staff and managers, and froze the assets of seven NGOs and ten people.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.