Digital Activists Report Intensive Spear Phishing Campaign

The Electronic Frontier Foundation (EFF) recently released a report describing an aggressive spear phishing campaign called “Phish For The Future” that targeted digital civil liberties activists at Free Press and Fight for the Future. The campaign took place between July 7 and August 8 of 2017, during which time almost 70 spear phishing attempts from the same attackers were documented.

Spear phishing is when attackers send emails that direct you to fake websites or logins in order to gain access to personal information and account logins. Sometimes the emails look like they’re from someone you know and trust, and other times they prey on fear or embarrassment. The attacks are effective because they exploit basic human impulses and instincts. The Phish For The Future attacks utilized both personalization and embarrassment tactics.

In this case, the attackers made multiple attempts and stepped up their approaches with each rejection. The EFF described some of the attacks as “generic” — like links to view a Gdoc that came from a “coworker” or LinkedIn notification messages from a colleague. However, others were highly personalized, such as one targeting the Campaign Director for Fight For The Future, Evan Greer. The attackers sent her a message asking for a link to buy her music, she responded with a link, and they responded saying the link wasn’t working. The link they sent back, however, was to a phishing page that looked like a Gmail login page.

Other personalized attacks included one that was forged to look like the target’s husband, with links to “family photos” and a fake YouTube comment for a real YouTube video.

Another tactic was to prey on the targets’ political beliefs with fake headlines, including “George W. Bush ON TRUMP'S TWEET: A FREE PRESS IS ‘INDISPENSABLE TO DEMOCRACY,’” “Chelsea Manning's release is the inspiring proof: nothing is impossible,” and “Net Neutrality Activists 'Rickroll' FCC Chairman Ajit Pai.” All of the emails included an “unsubscribe” link, which redirected people to a fake Google login page.

Finally, the attackers used potential embarrassment — and censure at work — to try to entrap their targets. The first way they did it was by sending articles with embarrassing headlines, like “Porn star Jessica Drake claims Donald Trump offered her $10G, use of his private jet for sex,” and “Reality show mom wants to hire a hooker for her autistic son.” The second was by sending emails with subject lines like “You have been successfully subscribed to Pornhub.com” and “You have been successfully subscribed to Redtube.com.” Those emails were followed up by emails disguised to look like they came from those porn sites, with explicit subject lines.

Luckily, only one account — which had been inactive for years — was compromised in these attacks. However, this level of commitment and sophistication suggests that these organizations were targeted for a specific reason. They don’t believe the attacks came from a government organization, but other online activists should be especially wary of any suspicious links.

If you’d like to learn more about the “Phish For The Future” attacks, check out the EFF’s full post here.


About Tenta

Tenta is a next generation browser designed for privacy and security. Built-in true VPN, full data encryption, video downloader, secure media vault, HTTPS Everywhere, Tenta DNS, and more.
