Archive for May 2016
1. Keep the network out of reach of criminals
According to the Verizon data breach investigation report published last month, phishing remains a major data breach weapon of choice. Trend Micro added that ransomware is expected to be one of the biggest threats in 2016 and that a single ransom demand will go much higher, reaching seven figures.
Remember, cyber criminals are lazy. If your organization is a tough nut to crack, they will move on to find more low-hanging fruit.
2. Launch phishing simulations
Running phishing simulations followed by ad hoc, gamified training is a proven tool to increase awareness and reduce risk. Repeat the process at least once every two months - changing behavior is a process, not a one-off event. Training is important, but continuous assessment is even better for setting the right mindset.
3. Use gamification as a training methodology
Let’s admit it, people hate training. They are sick and tired of videos and training wizards with boring slides and bullets. Meanwhile, for us, the security managers, it’s not really measurable. This is why interactive training, or ‘gamification’, is much more engaging. Plus, people love to get high scores and collect awards, so why not? Create fun and interactive games to deliver your messages.
4. Definitely include your senior management
They are prime targets, especially for spear phishing and whaling. Make no exceptions. Publicly promote their participation. It’s a good example for the rest of the company.
5. Use real-life examples
It’s best to hit your employees with emails they might actually receive. Change difficulty levels and start from the ground up. Don’t expect people to understand advanced phishing examples from day one. Teach them step by step, in both the phishing scenarios and the training modules.
6. Enforce training, and follow employee progress
To make it effective, employees must understand this is serious. They need to be reminded if they skip the training. It’s your job to make sure they like it. It’s all about the messaging. They need to understand that they have a critical role in protecting the company and its assets.
7. Encourage ongoing phishing reports
Make sure each and every employee knows how to report suspicious emails back to the security team. Many people tend to believe that the on-premises technology will automatically stop all malicious emails and attachments for them. Make sure they understand that they are an active line of defense.
Phishing is the No. 1 vehicle used by cyber criminals to deliver malicious software to your organization. The level of sophistication is increasing dramatically, so traditional defenses are lagging behind. Make sure people are aware of the risk and well trained to spot and report it as it happens.
Tuesday, 31 May 2016
Posted by Siva Priya
In the modern world, the Internet has become a wonderful place to gain knowledge, exchange ideas, share information, make new friends and whatnot. Even though you can do all of this while remaining anonymous behind your monitor, your real-life identity and personal details can still be at risk of falling into the hands of strangers. This is where the term “doxing” comes into play!
What is Doxing?
Doxing simply refers to the process of gathering or deducing other people’s information, such as name, age, email, address, telephone number, photographs etc., using publicly available sources such as the Internet. In other words, doxing is the act of using the Internet to search for personal details about a person.
Doxing is done by initially taking a piece of information (such as a “name” or “email address”) and using it as a base to find out other possible details about the person. The term “doxing” is derived from the phrase “document tracing”, which means to retrieve documents about a particular person or company in order to learn more about them.
Today, the Internet has grown to such a size that it contains almost any information you’ve ever imagined! All you have to do is use the right techniques to search for what you want. Here is a list of the doxing techniques most commonly used by Internet geeks and ethical hackers:
Google Search:
Google is undoubtedly a powerful tool that plays a key role in doxing. Since Google indexes almost anything on the Internet (sometimes even private information), it is possible to dox for details such as the email ID, address, phone numbers and photographs of a person or company. Once you obtain the search results for your query, carefully examine the description part, which in most cases contains the piece of information you are looking for.
Social Networking Websites:
As most Internet users are active on social media, social networking sites such as Facebook and LinkedIn provide a virtual goldmine of information for doxing. Because most users are unaware of online security issues, they have weak privacy settings on their profiles. This makes it easy for attackers to gain access to personal information such as photographs, real names, location, job, partner’s name etc.
Reverse Cell Phone Lookup:
A “Reverse Cell Phone Lookup” is simply a process of finding someone’s personal details such as name, age, address and related information by using their cell phone number, and vice versa. There are many online services out there, such as Intelius, that provide access to the personal details of a given person based on his/her phone number, name or email ID.
Whois Search:
If a person or company has a website (or domain name) associated with them, you can easily perform a “whois search” for their website to obtain personal details such as full name, address, email and phone number. Just visit whois.domaintools.com and enter the domain name for which you want to perform a whois search. It will show all the details associated with the domain name.
Why Would Anyone Want to Perform Doxing?
Most people perform doxing out of general curiosity about a person or company. However, there are some wicked minds out there who do it for the purpose of blackmail or revenge, by exposing the information they have gathered about the person.
What are the Consequences of Doxing?
It can be slightly irritating and embarrassing when private data falls into the hands of people who are not intended to have access to such information. However, things can get even worse if doxed information such as a person’s social activities, medical history, sexual preference and other vital bits of information is made public. This can pose a serious threat to the health, livelihood or relationships of the victim.
Steps to Protect Yourself from Doxing:
The following are some of the most commonly targeted pieces of information that can be easily obtained through doxing:
· Full name
· Age, gender and date of birth
· Location and place of birth
· Email addresses and username
· Phone number
· Social networking profiles, websites and blogs
So, it is always good practice to keep the above bits of information hidden. Even though this is not possible in all cases, you can still take care to protect as much information as you can from going public. You can consider the following additional tips for further protection:
1. Do not upload personal photographs to web albums such as “Picasa”. Even if you do, make sure that your album is hidden from the public and from search engines.
2. If you do not want your profile to show up on search engines, it is a wise choice to make all your Internet profiles private.
3. Maximize the privacy settings of your social network profiles. Make sure that your individual albums and photographs have their privacy settings configured.
4. Do not use the same email address for all your accounts. Instead, create separate email IDs for individual activities such as gaming, forum participation, banking accounts etc.
Is Doxing a Crime?
Doxing is definitely not a crime when it is done within ethical standards and no harm is caused to anyone. However, if doxing is done to cause intentional damage, such as harassment, blackmail or revenge, it might well be considered an offence.
Ethical Hacking for Beginners is a training course/certification focused on deeper knowledge of hacking. The course is available at the Chennai, Vellore, Kancheepuram and Gudiyatham branches.
Take this completely free, online ethical hacking and penetration testing training class from Redback Academy. Learn to hack, for free! Limited offer only.