Cybercrime,  English,  Entertainment

Indica Records Cyber-Phishing Upgraded

I don’t know why the Indica label is so popular among incompetent cyber-criminals. Even Desjardins impersonators are not that persistent, but here we go again. It is important to keep in mind that this can happen to any business. Every website out there can be used as a front to commit phishing and other attacks, with or without cyber-squatting, most of the time without the knowledge and consent of site admins. The less tech-savvy a business, the more vulnerable it is to have its identity used in this way.

While dissecting my latest Indica Records incident, I noticed a new approach of fake ID layering to bypass spam filters (not sure if layering is the proper term, will have to double-check with the experts, but you’ll see what I am referring to) this time the identity of the sender appears to be masked by the same mythical email address (ganael/indicarecords.com) and again I am invited to click on a .rar file. What’s new is, I am being provided with a password (how thrilling) and the actual sender posing as “Ganael” from Indica is none other than taylor@dovey.com. Metadata hello!

Here is where it gets interesting: the domain dovey.com redirects to an innocent Instagram account belonging to someone called Jeff Dovey. We are not looking for Jeff, we are looking for Taylor. Just as I thought, a Whois search reveals that the domain dovey.com is owned by a company in Jacksonville, Florida calling itself Perfect Privacy LLC. Just wow!

And drum-roll: both the registrant and the domain administrator email addresses are listed as: c74dd38y7m6@networksolutionsprivateregistration.com

No Jeff, no Taylor, certainly no Ganael in sight. All we’ve got is our latest friend c74dd38y7m6. Who wouldn’t want to do business with c74dd38y7m6! What a relatable and trust-inspiring nickname (if you are bot that is). It almost makes me want to click on the .rar file.

Point is, before jumping to conclusions on the identity of an offensive sender, check your metadata first. Keep in mind that fraudulent emails can be sent on your behalf, too. Look at how many identity fraud victims a single phishing operation can take. It is important to remain calm and investigate a little before engaging with anyone new.

Since the above scammers are located in the USA (and not Montreal, Canada where Indica Records is based), this is where to file a report of such an incident: https://www.fbi.gov/investigate/cyber


Next day update (I woke up with this and in a bad mood): This incident made me realize that poorly organized businesses who are not tech-savvy can also pose risks for their clients and contacts. Just like covid, it is not enough to think about yourself, you need to also consider your epidemiological impact on others and the whole of society. The less protected you are, the more you expose others to infection and serious consequences. If one day we have a vaccine against tech illiteracy, it will have to be mandatory no exceptions. Nobody should be allowed online without it.

Second update: unfortunately this would amount to a social credit score system which is a prohibited AI practice.