Dark Basin is a “hack-for-hire” group that has targeted individuals and institutions globally, including American non-profits. Dark Basin has been found to have likely conducted commercial espionage against those involved in advocacy, criminal cases, public events, financial transactions and news stories.
Notably, Dark Basin sends phishing emails, often impersonation attempts, to both the personal and work email addresses of its targets. In at least one case, a phishing message was sent to a target’s minor child.
Goals of these campaigns appear to be:
- Spreading disinformation via fake news stories/social media updates
- Leaking data/information
- Data theft/alteration
Although phishing messages are sent from a variety of accounts, including Gmail accounts, identifying characteristics of these messages include:
- Use of URL shorteners to mask redirection to credible-looking phishing or spoofed websites of well-known services such as Gmail, Yahoo Mail, Dropbox and Facebook.
- Imposter emails delivered from scammers masquerading as colleagues and friends. These messages often demonstrate a knowledge of organizational structures or personal information.
- Persistence – some high-value targets have been sent more than 100 diverse phishing messages.
Please be reminded of the following:
- Email addresses and phone numbers can be spoofed, so a communication may appear to be from a person/entity when it’s not.
- Do not click embedded links or open attachments in unexpected email messages.
- Scammers commonly use URL shorteners as a way to mask the true destination URL. For more information, including information on how to expand short links, see the following article from The Download, The Skinny on Short Links.
- When in doubt about the legitimacy of a message you have received, contact the sender to verify via a trusted phone number, such as their NYU Directory phone number.
- Before entering credentials or other sensitive information on any web page, verify that the URL in your browser’s address bar is expected and correct.
- To report a suspicious message, email phishing@nyu.edu.
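
One way to automate the two link checks above (a shortened link hides its destination, and the host must really be the expected one), as an added example that is not part of the original advisory. The shortener list, expected domains, brand words and sample message are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed, non-exhaustive list of public URL-shortener hosts (assumption).
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly", "is.gd"}
# Domains where a credential prompt would be expected (assumption, abbreviated).
EXPECTED_LOGIN_DOMAINS = {"google.com", "yahoo.com", "dropbox.com", "facebook.com"}
BRAND_WORDS = {"google", "gmail", "yahoo", "dropbox", "facebook"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def host_of(url):
    """Return the lower-cased hostname without userinfo, port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".")


def is_expected(host):
    """True only for an exact match or a true subdomain of an expected domain."""
    return any(host == d or host.endswith("." + d) for d in EXPECTED_LOGIN_DOMAINS)


def classify(url):
    host = host_of(url)
    if host in SHORTENER_HOSTS:
        return "shortener"   # destination hidden: expand before trusting
    if is_expected(host):
        return "expected"
    if any(word in host for word in BRAND_WORDS):
        return "lookalike"   # brand name inside a host the brand does not own
    return "unknown"


def triage(body):
    """Map every URL found in a message body to its classification."""
    urls = (u.rstrip(".,;") for u in URL_RE.findall(body))
    return {u: classify(u) for u in urls}


# Constructed sample message; the short-link path and .example hosts are placeholders.
SAMPLE = """Hi, the shared budget file is here: https://bit.ly/xxxxxxx
If that fails, sign in at https://accounts.google.com.login.example/signin
The real page is https://accounts.google.com/ServiceLogin."""

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE).items():
        print(f"{verdict:10} {url}")
```

The suffix comparison in `is_expected` is the point: a substring check would accept `accounts.google.com.login.example`, which is a subdomain of `login.example`, not of `google.com`.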