Fraud Chain Domino 1
Email and Device Penetration

Domino 1 is aimed at the initial penetration of your device.

Direct Software Installation Vectors

Fraud Chain Domino Effect

  • Malware Installers

    • Trojans

    • RATs (Remote Access Tools)

    • Info-stealers (session cookies, saved passwords, tokens)

  • Malicious Email Attachments

    • PDFs with embedded exploits

    • Office docs with macros

    • ZIP files containing loaders

    • HTML attachments posing as invoices or receipts

  • Fake Software Updates

    • Browser updates

    • OS updates

    • Zoom / Teams / VPN / Antivirus updates

    • “Security patch required” pop-ups

  • Fake Captive Portals (With Downloads)

    • “Install certificate to access Wi-Fi”

    • “Network security plugin required”

    • “Compliance / verification tool”

  • Browser Extensions

    • Credential-harvesting extensions

    • Session-hijacking extensions

    • OAuth token abuse via extensions

OAuth refresh tokens are long-lived keys that let attackers stay inside email accounts without passwords or MFA. If malware steals them or a user approves a malicious app, the attacker can persist indefinitely unless those tokens are explicitly revoked.
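A defender's view of that persistence, as an added example that is not part of the original page: after a password reset, list the app grants that can still reach the mailbox because nobody revoked them. The grant records, app names and dates are constructed; the scope names follow Microsoft Graph conventions, and the model assumes a password reset alone does not revoke a grant, which is the behaviour the paragraph above describes.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Delegated scopes that reach the mailbox (Microsoft Graph naming; an assumption,
# since the page names no provider).
MAIL_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send"}
REFRESH_SCOPE = "offline_access"  # scope that asks for a refresh token


@dataclass
class Grant:
    app: str                               # hypothetical app name
    scopes: frozenset
    granted_at: datetime
    revoked_at: Optional[datetime] = None  # None means never explicitly revoked


def still_has_mail_access(grant, now):
    """True while the grant holds a refresh token plus a mail scope and is unrevoked."""
    revoked = grant.revoked_at is not None and grant.revoked_at <= now
    return (not revoked
            and REFRESH_SCOPE in grant.scopes
            and bool(grant.scopes & MAIL_SCOPES))


def grants_to_revoke(grants, password_reset_at, now):
    """Apps consented to before the reset that can still read mail at `now`."""
    return [g.app for g in grants
            if g.granted_at < password_reset_at and still_has_mail_access(g, now)]


# Constructed sample data: one account, password reset on 2024-05-10.
RESET = datetime(2024, 5, 10)
NOW = datetime(2024, 6, 1)
GRANTS = [
    Grant("calendar-helper", frozenset({"Calendars.Read", "offline_access"}),
          datetime(2024, 1, 5)),                      # refresh token, no mail scope
    Grant("pdf-invoice-viewer", frozenset({"Mail.ReadWrite", "offline_access"}),
          datetime(2024, 5, 2)),                      # survives the reset
    Grant("mail-sync-legacy", frozenset({"Mail.Read", "offline_access"}),
          datetime(2024, 3, 1), revoked_at=datetime(2024, 5, 11)),
    Grant("one-time-export", frozenset({"Mail.Read"}),
          datetime(2024, 4, 20)),                     # no refresh token requested
]

if __name__ == "__main__":
    for app in grants_to_revoke(GRANTS, RESET, NOW):
        print("still active after password reset, revoke:", app)
```
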

Why this matters to your model

This perfectly supports your core point:

  • Email compromise today is device-anchored, not password-anchored

  • Software on the device → token theft → persistent access

  • Software-only defenses don’t fix a poisoned device

  • Isolation works because tokens never touch the public device

Chain of events that leads from your email being infiltrated to your bank account being infiltrated

Demonstrate how the focus is individual at this point, but as automation and AI and F35 event occurs