EXCLUSIVE: Email prankster who tricked Trump admin officials reveals ‘inbox hypnotism’ techniques

James Linton — the notorious email prankster — has come forward to me to talk about helping people not fall for pranks like his.

He is a master of the simplest “hack” of all — impersonation. In recent months, he has pretended to be White House officials like Jared Kushner and Reince Priebus, or even Eric Trump. And it worked. He fooled plenty of people who should have known better, including Anthony Scaramucci, former Utah governor and presidential candidate Jon Huntsman, Homeland Security Adviser Tom Bossert — and Trump’s son, too. In the past, he’s tricked high-profile British banking officials. More recently, he was able to get a response from Harvey Weinstein and long-time advisor Lisa Bloom.

Now, the notorious email prankster — his real name is James Linton — is talking to me about trying to help people avoid these kinds of attacks. In an exclusive interview with me, Linton explains how he does what he does, and how you and your company can adopt an approach that protects against such attacks.

To refresh your memory, Linton’s technique is trivial, but effective.  The prankster simply registers email accounts like Reince.Preibus@mail.com and starts sending messages.  He often does this at times of intense news interest, when targets should really be on high alert — but instead, are often highly impetuous. In the case of Scaramucci, he fell for the hoax hook, line and sinker.

In one part of a typical dialog, the fake Priebus said, “The way in which that transition has come about has been diabolical. And hurtful. I don’t expect a reply.”

Scaramucci, believing the message was authentic, responded: “You know what you did. We all do. Even today. But rest assured we were prepared. A Man would apologize.”

The hoax exploits an age-old problem with the way the Internet was built: It’s pretty easy for people (and computers) to lie about who they are and where they are.

The attacks are mostly a stunt, but they are a form of something that’s rampaging through the business world right now – executive ID theft.  Workers around the globe are falling for fake emails like this and taking real steps that cost millions. The FBI has called the crime – which goes by the pedantic name “business email compromise” – one of the fastest-growing digital cons. One technology company reported in an SEC filing in 2015 that it had been hit by a con that led to “transfers of funds aggregating $46.7 million.”   In one version of the crime, the fake executive sends an urgent message asking that money be wired to close an international business deal.  Given the power relationships involved, assistants often comply.
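A mail-side check for this pattern, a known person's name arriving from a domain that person never uses, can be sketched as follows. This is an added example, not code from the article or from Linton; the directory names and `example.com` are constructed, and `mail.com` is the free-mail domain from the address quoted above.

```python
import re
import unicodedata
from email.utils import parseaddr

# Constructed directory: people worth impersonating and the only
# domains their real mail comes from (assumption for this example).
DIRECTORY = {
    "Dana Whitfield": {"example.com"},
    "Sam Okafor": {"example.com", "corp.example.com"},
}

def name_tokens(text):
    """Reduce a display name or local part to sorted lowercase name tokens.

    Accents are folded, and dots, digits, commas and spaces all act as
    separators, so 'Dana.Whitfield1' and 'WHITFIELD Dana' compare equal.
    """
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return tuple(sorted(t for t in re.split(r"[^a-z]+", text.lower()) if t))

PROTECTED = {name_tokens(n): (n, doms) for n, doms in DIRECTORY.items()}

def check_sender(from_header):
    """Return a finding if the From header claims a protected identity
    from a domain that person does not use, otherwise None."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    domain = domain.lower()
    # Either the display name or the address local part can carry the claim.
    for candidate in (display, local):
        hit = PROTECTED.get(name_tokens(candidate))
        if hit and domain not in hit[1]:
            return {"claimed": hit[0], "domain": domain}
    return None

if __name__ == "__main__":
    # Constructed sample From headers.
    samples = [
        "Dana.Whitfield@mail.com",
        '"WHITFIELD Dana" <office1987@mail.com>',
        '"Dana Whitfield" <dana.whitfield@example.com>',
        "newsletter@mail.com",
    ]
    for s in samples:
        print(s, "->", check_sender(s))
```

A finding is a reason for the mail client to show a warning banner, not proof of fraud; a message sent from a real account that has been taken over passes this check.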

So it’s worth listening to Linton as he describes why people fall for this simplest of social engineering tricks, and what you might do about it.

Bob: Many people think they could never fall for this kind of thing. The vast majority are sadly wrong, I think.

Linton: I agree with you entirely, anyone – no matter what their technical background – could fall for the tricks I do. Obviously for the most part I’m after a humorous exchange, so my tone of voice rapidly moves towards the more bizarre end of believability. I also know very little about the dynamics and internal setup within the company the ‘mark’ works at. Are they all based at the same site? Same timezone? Office-based? Mobile? Etc… So with a little help from an internal observer, a lot of assumptions I make an educated guess at … could be confirmed and the ‘attack’ could be infinitely more targeted and dangerous.

Bob: What should someone do to protect themselves from….well, you? And folks like you?

Linton: What can people do to protect themselves from the cuckoo-esque deceptions I do? Nothing, in short. And that’s not me being big-headed. This isn’t an intellectual face-off, me vs. person ‘X’. I’m just doing what I’ve always been an advocate of, standing on the shoulders of giants. The giant in this case is years or even decades of electronic messaging. It creates what I like to call ‘inbox hypnotism’. Subconsciously at the back of everyone’s mind is a row of trigger switches all set to neutral, it’s my job to keep them in that position, and hopefully even flick some towards the ‘trusted’ position. So whilst some knowledge of UI is an advantage, psychology is by far the biggest asset I’m leveraging.

All that being said, I believe protection from this type of attack needs to come from the mail app you’re using. I’ve lots of ideas about how this could be done, both at company and individual level. I’m hoping to find someone to partner up with going forward, it would be great to use my experience to make everyone a little safer.



About Bob Sullivan
BOB SULLIVAN is a veteran journalist and the author of four books, including the 2008 New York Times Best-Seller, Gotcha Capitalism, and the 2010 New York Times Best Seller, Stop Getting Ripped Off! His latest, The Plateau Effect, was published in 2013, and as a paperback, called Getting Unstuck in 2014. He has won the Society of Professional Journalists prestigious Public Service award, a Peabody award, and The Consumer Federation of America Betty Furness award, and been given Consumer Action’s Consumer Excellence Award.

1 Comment

  1. Thank you, this explains something to me about others. Advertising has worked on me–when it provided information that I could research. *Twice. A steam ‘mop’ (that worked), and an Alienware computer (that naturally turned out poorly for me). The process he’s using is actually called “group validation” even though the person he’s ‘attacking’ isn’t part of a group–because the human nature tends to learn by copying–>reality becomes defined by (what is perceived of) the group–which may be entirely imaginary and always is to some extent. Think of group rituals and how people are pressured into joining things like the KKK or gangs (if you know; I won’t explain that in this venue). As population density rises, means of affirmation will be increasingly harder to achieve–because the real means of affirmation sought is being important in the eyes of the group. I on the other hand did something secretly during the Vietnam war and have hidden ever since. Feel free to delete this after reading. 8]- (That is a smiley of sorts.)
