Have you ever seen that spam on Facebook where someone posts, “If you see a friend request from so-and-so, don’t accept it, it’s a hacker!”? Yeah, this post is kind of like that.
Well, Mia Ash is a whole online persona that leverages catfishing techniques to lure men (or women) in power. She would reach out to the victims via LinkedIn, Facebook, Snapchat, etc., asking a question or two about photography, and would keep talking to them over social networks and email about all sorts of subjects, slowly building trust. Social engineering them! She had numerous profiles across the social networks that were well aged and well used, and she was entirely personable. It didn’t hurt that she wasn’t bad to look at, too…
After working a target, she would innocently ask them to open a file for her, and the file would contain PupyRAT. The group behind Mia Ash wasn’t after credit card numbers, but company secrets.
It just kind of goes to show you, social engineering and going after human vulnerabilities is the best way in!