The basics of phishing attacks: What journalists need to know to stay safe

By: Jorge Luis Sierra | 10/27/2016

Unless they cover technology, most journalists probably could not explain exactly how a cyberattack happens. Yet it’s more important than ever, given recent global events, for journalists to understand how repressive governments or other groups are launching these attacks against them.

In order to defend themselves appropriately, journalists need to know how they can defeat attempts to infect their computers and mobile devices.

First, journalists need to have a basic understanding of what kind of digital weaponry governments are purchasing. Attackers are using powerful and expensive technology developed by private companies like Hacking Team, an Italian company that sells software that steals information from mobile phones, including contact lists, SMS messages, documents, photos, audio clips, videos and passwords. Some cyberattack software covertly records what keys are being struck on a keyboard and can extract data before it is encrypted.

Secondly, journalists need to understand how these hacking tools work. Although there are some differences between them, they basically follow the same pattern: the victim is deceived into clicking a link after receiving a message with a hidden spy program.

A cyberattack typically consists of the following phases:

  1. Infection of the user’s device by injecting malicious software. Attackers will try to deceive journalists by sending a message carefully crafted to look legitimate, trying to get the victim to click on a link or open a document that will actually infect their device. There are three ways that an attacker may try to access a journalist’s laptop or phone; in information security lingo, these methods are known as social engineering, exploits and spear phishing.

  2. Once the malicious software is in the device, it gets to work immediately. If the device is an iPhone, the software waits until the phone is connected and syncing with a laptop. The cyberattack software will then override the phone’s software restrictions — a practice known as "jailbreaking" — allowing for the installation of a malicious program that essentially infects the phone.

  3. The malicious software may actually work best if the infected phone, while plugged in and charging, is connected to a WiFi network controlled by the attacker. This way, the victim won’t detect any sudden battery drain that usually results from malicious software at work.

This is how adversaries mounted an attack on Rafael Cabrera, an investigative reporter for Mexican online news site Aristegui Noticias. Cabrera helped report on whether Mexico’s president favored a major government contractor that built a mansion for the president’s family. The so-called "Casa Blanca" scandal eventually became a major embarrassment for the government.

The first attempt against Cabrera was a phishing attack. Cabrera received an innocent-looking text message supposedly sent by UNOTV, a news service that delivers breaking stories via SMS to mobile subscribers. However, hidden in that message was a version of Pegasus, a powerful surveillance tool that can extract text messages, contact lists, calendar events, emails and instant messages from phones. Pegasus can also harness an infected phone’s microphone to record sound and use its camera to take photos.

The messages were a classic example of spear phishing, because they were carefully crafted and personalized, meant to pique Cabrera’s interest and get him to click on a link. "The president’s office will sue those who published the 'Casa Blanca' story," read one. "Due to 'Casa Blanca' story, the president’s office may put reporters in jail — see the names," read the second.

Fortunately, when Cabrera saw these on his cellphone screen, he immediately started worrying that the messages were an attempted cyberattack. He did not click on the links leading to the false news stories.

Editor Carmen Aristegui and reporter Irving Huerta, who both worked on the investigation, also received text messages reading, "My dad died last night, we are devastated, click here to see the funeral home address."

Thanks to their experience and awareness of the risks involved, neither of them clicked on the links contained in the malicious messages.

To learn more on what to do to prevent these attacks — and what to do if you become a victim of spear phishing — click through the slideshow below:

Main image CC-licensed by Flickr via Christopher Schirner.

This post was also published on IJNet, which is produced by ICFJ.

Related Programs
ICFJ Knight Fellowships

Latest News

Sharon Moshavi on Journalism, Disinformation and Why Facts Still Matter

Sharon Moshavi, the president of the International Center for Journalists (ICFJ), recently joined the Ink and Insights podcast for a wide-ranging conversation on the future of journalism and the evolving information ecosystem. The interview, hosted by author and storyteller Sumit Sharma Sameer, touched on the growing role of AI in both enhancing and undermining journalistic work, the importance of audience-centric innovation and why young reporters must build subject-matter and tech fluency to stay resilient in the industry.

ICFJ Knight Fellow Sannuta Raghu Says “Fidelity to Source” is Vital When Using AI

Newsrooms globally have begun exploring ways to convert their journalism into different formats using AI: for example, from text articles to videos, podcasts, infographics and more. As they do so, the core challenge isn’t just accuracy – it’s rigor. Journalists strive to get facts right and attribute them clearly, avoid bias, verify claims, and maintain transparency. When AI is used to convert a work of journalism from one form to another, the same rigor may not carry over.

A Reporter's Guide to The History of Tariffs

For most of human history, governments have taxed goods crossing their borders. Tariffs — taxes levied on imports or exports — have financed empires, protected domestic industries, and punished foreign rivals. They’ve sparked wars, crashed economies, and redefined alliances. Yet today’s tariff war between the United States and the world doesn’t fit neatly into any of the old molds. Rather than being a tool to nurture domestic industry or fill government coffers, tariffs are now being wielded as weapons in a sprawling contest over global power and economic dominance.