A couple of months ago, a prankster calling himself “Sinon Reborn” made the headlines after he used an elementary trick to dupe the likes of Bank of England governor Mark Carney and Barclays boss Jes Staley into believing that they were having an email exchange with colleagues.
Sinon Reborn’s hoaxes aren’t that sophisticated – he simply emails high profile figures from webmail accounts he has created in the names of their colleagues and associates – but they appear to have outwitted some in the past, at least until the conversations became too ridiculous or out-of-character.
As CNN reports, now the self-styled “email prankster” has turned his sights on the beleaguered White House of US President Donald Trump, and seemingly had some success.
For instance, Sinon Reborn created a fake Outlook account posing as Trump’s son-in-law and senior advisor Jared Kushner, and used it to email the official account of Homeland Security Adviser Tom Bossert.
That exchange appears to have tricked Bossert into revealing his personal email address, which someone maliciously-minded might have been tempted to exploit with phishing or malware attacks.
In another exchange, Sinon Reborn posed as now-ex White House Chief of Staff Reince Priebus when emailing the now-ex White House Communications Director Anthony Scaramucci, which resulted in a characteristically combative response from “The Mooch”:
Fake Reince Priebus: “I had promised myself I would leave my hands mud free, but after reading your tweet today which stated how; ‘soon we will learn who in the media who has class, and who hasn’t’, has pushed me to this. That tweet was breathtakingly hypocritical, even for you. At no stage have you acted in a way that’s even remotely classy, yet you believe that’s the standard by which everyone should behave towards you? General Kelly will do a fine job. I’ll even admit he will do a better job than me. But the way in which that transition has come about has been diabolical. And hurtful. I don’t expect a reply.”
Anthony Scaramucci: “You know what you did. We all do. Even today. But rest assured we were prepared. A Man would apologize.”
Fake Reince Priebus: “I can’t believe you are questioning my ethics! The so called ‘Mooch’, who can’t even manage his first week in the White House without leaving upset in his wake. I have nothing to apologize for.”
Anthony Scaramucci: “Read Shakespeare. Particularly Othello. You are right there. My family is fine by the way and will thrive. I know what you did. No more replies from me.”
The hot-headed and loose-tongued Scaramucci appears to have been a favourite target of Sinon Reborn, who also contacted the colourful Mooch with an email claiming to come from former Utah Governor Jon Huntsman Jr, who is expected to be the next US ambassador to Russia.
The real Huntsman was also hoodwinked into an email exchange with a fake account created by the prankster in the name of Donald Trump’s son Eric, in which the bogus president’s son made an unusual suggestion:
“Maybe we could have Dad sat (sic) on a horse, top off, giving the full Putin! He’s in better shape than his suits suggest.”
To his credit the real Eric Trump reportedly was not duped by a bogus account that pretended to be his older brother Donald Trump Jr., saying he would report the fake communication to law enforcement.
Fortunately, the email prankster who created the bogus accounts appears to be attempting to cause embarrassment or some gentle titters from his activities rather than exploiting the situation to phish high profile figures.
Whether you think Sinon Reborn’s activities are amusing or not comes down to your personal taste. Personally, I don’t think it’s all that clever or witty, but it does raise an important message to us all – always be careful about who you are communicating with.
It’s all too easy for someone to create an email account in the name of someone you know – and you should be careful not to automatically trust communications which arrive from unusual email addresses or that seem out of character.
Chances are that Donald Trump’s White House team will continue to be targeted by email pranksters and – no doubt – by genuinely criminal attempts to dupe them, as well as by questionable phishing experiments by journalists.
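The check described above can be automated at a mail gateway or in a triage script. This is an added example, not code from the original article: it flags a message whose display name matches someone in a directory while the address is not one that person is known to use. The directory entries, the webmail domain list and the sample messages are all constructed for illustration.

```python
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Constructed directory: display name -> addresses that person is known to use.
KNOWN_SENDERS = {
    "Alice Example": {"alice.example@corp.example"},
    "Bob Sample": {"bob.sample@corp.example"},
}
# Free webmail domains; an illustrative list, not exhaustive (assumption).
WEBMAIL_DOMAINS = {"outlook.com", "hotmail.com", "gmail.com", "yahoo.com"}

def name_key(name):
    """Fold case, accents, commas and word order: 'EXAMPLE, Alice' -> 'alice example'."""
    folded = unicodedata.normalize("NFKD", name)
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return " ".join(sorted(folded.casefold().replace(",", " ").split()))

DIRECTORY = {name_key(n): addrs for n, addrs in KNOWN_SENDERS.items()}

def check_sender(raw_message):
    """Return (verdict, reason) for the From header of a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    known_addresses = DIRECTORY.get(name_key(display))
    if known_addresses is None:
        return ("unknown", "display name is not in the directory")
    if address in known_addresses:
        return ("ok", "known name from known address")
    domain = address.rpartition("@")[2]
    if domain in WEBMAIL_DOMAINS:
        return ("flag", f"known name '{display}' sent from webmail address {address}")
    return ("review", f"known name '{display}' sent from unlisted address {address}")

# Constructed sample messages.
GENUINE = "From: Alice Example <alice.example@corp.example>\nSubject: Lunch\n\nHi"
LOOKALIKE = 'From: "Example, Alice" <alice.example.wh@outlook.com>\nSubject: Quick one\n\nHi'

if __name__ == "__main__":
    for sample in (GENUINE, LOOKALIKE):
        print(check_sender(sample))
```

An "ok" verdict only means the name and address agree with the directory; it does not show that the From header itself is genuine.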
If you want to learn more, listen to this episode of the “Smashing Security” podcast from earlier this year, where we discussed Sinon Reborn’s prank against the Bank of England governor:
Smashing Security #022: 'Walk this way… to defeat biometrics'
This whole episode once again reinforces the point that the only way to even remotely be sure you know who you're exchanging messages with is by using public-key encryption and authentication. Of course, this is too much work and requires too much learning for most people, including, it seems, the White House staff, so episodes like this will continue into the foreseeable future.