Egyptian non-governmental organizations have been targeted by a large phishing operation centered around a government crackdown on NGOs, researchers report.

Citizen Lab, a University of Toronto team devoted to investigating cyber attacks against human rights advocates, dissidents and journalists, uncovered the operation, which it nicknamed “Nile Phish.”

The attacks appear focused on the targets of “Case 173,” an Egyptian investigation to purportedly weed out foreign funding in NGOs. Opponents, however, have described the probe as an authoritarian strike at humanitarian groups.

ADVERTISEMENT

Citizen Lab identified the attacks in seven NGOs: the Association for Freedom of Thought and Expression, the Cairo Institute for Human Rights, the Egyptian Commission for Rights and Freedoms, the Egyptian Initiative for Personal Rights, the Nadeem Center for Rehabilitation of Victims of Violence, the Nazra for Feminist Studies and an organization that asked the lab not to be named. The focuses of the groups center around human rights, including tracing state abuses.

According to Citizen Lab’s report, the phishing campaign demonstrated “intimate familiarity with the targeted NGOs activities, the concerns of their staff, and an ability to quickly phish on the heels of action by the Egyptian government.”

In one instance, colleagues of a women’s rights activist who had been arrested were phished via a purported copy of her arrest warrant within hours of her capture. Other attacks included invitations to speak about Case 173, travel ban lists and a joint NGO letter to the Egyptian president about Case 173.

Though often derided by onlookers outside the security industry, phishing campaigns — especially targeted ones — continue to be an extremely effective attack and have been blamed in high-profile breaches. They are cheap, can be targeted to be irresistible to victims, require little training and can be repeated and tweaked indefinitely until they succeed. Experts, including Citizen Lab, suggest turning on two-factor identification on all accounts to prevent phishing from succeeding.