How to Protect Yourself from Phishing When Dealing with Cryptocurrencies

Security around cryptocurrencies, and on the internet in general, has never been more important. Crypto assets make value extremely portable, and while this is one of their best features, it also attracts hackers, scammers and other nefarious actors to the space.

One of the biggest risks to security – as always – is people. Anyone can be susceptible to being scammed or phished, and in this post we’ll discuss some ways to protect yourself from these attacks. The tips below apply almost universally, but in our examples we’ll focus on cryptocurrency websites, as these tend to carry a lot of risk.

Your Device

You always have to start with a secure, trusted device that you use for financial transactions. Make sure all your software is up to date and don’t use machines that you don’t control, like a school or work machine.

Networking

If you have to use a public WiFi network, make sure to use a trusted VPN. Set your DNS servers to a provider you can trust – your ISP is probably not on that list. I recommend using 1.1.1.1, a service by CloudFlare that offers great speed, security and privacy for your name-resolution needs; CloudFlare publishes setup guides for each platform.

Use Bookmarks Where Possible

This one is simple, but very effective! Let’s say you use MyEtherWallet a lot – bookmark it and make a habit of only visiting through that bookmark. Scammers usually register domain names for popular websites that contain typos, in the hope that you will visit them by accident – don’t risk it by typing. Also, if you’re on Twitter and you see a random person raving about a new MEW feature, don’t click the link – use your bookmark instead.

Check the Website Address

Another simple tip, but you should always glance at the address you’re visiting to make sure it looks right. Check the spelling; is it correct? Does it match the branding?

Does the address start with “xn--”, for example? That prefix marks an internationalised domain name: the label contains Unicode characters encoded as Punycode, and some scripts contain letters that look identical to Latin ones. Is that expected in your case?
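The “xn--” check above can be automated on the defending side. The following is an added example, not code from the original post: it decodes Punycode labels, flags labels that mix scripts, and compares the Latin look-alike of the decoded name against a watchlist of domains you care about. The watchlist, the confusable-letter table and the sample hostnames are constructed for this example.

```python
import unicodedata

ACE_PREFIX = "xn--"
# Cyrillic letters whose glyphs are near-identical to Latin ones (constructed,
# partial table; Unicode TR39 carries the full confusables data).
CONFUSABLE = str.maketrans({"а": "a", "е": "e", "о": "o", "р": "p", "с": "c",
                            "у": "y", "х": "x", "і": "i", "ӏ": "l"})

def decode_label(label):
    """Turn one 'xn--' (Punycode/ACE) label back into Unicode; others unchanged."""
    if label.lower().startswith(ACE_PREFIX):
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    return label

def scripts_of(text):
    """Scripts of the letters in text, read off the Unicode character names
    ('CYRILLIC SMALL LETTER A' -> 'CYRILLIC'); digits and hyphens are ignored."""
    return {unicodedata.name(c).split()[0] for c in text if c.isalpha()}

def skeleton(text):
    """Latin look-alike of text: map confusable letters onto the Latin letters
    they resemble, so a homograph collapses onto the brand it imitates."""
    return text.translate(CONFUSABLE)

def analyze_host(host, watchlist):
    """Decode each label, then report labels that mix scripts and hosts whose
    Latin skeleton equals a watched domain without actually being that domain."""
    labels = [decode_label(lab) for lab in host.lower().rstrip(".").split(".")]
    decoded = ".".join(labels)
    mixed = [lab for lab in labels if len(scripts_of(lab)) > 1]
    look = skeleton(decoded)
    impersonates = look if look in watchlist and look != decoded else None
    return {"decoded": decoded, "mixed_script_labels": mixed,
            "impersonates": impersonates,
            "suspicious": bool(mixed) or impersonates is not None}

WATCHLIST = {"myetherwallet.com", "apple.com"}  # constructed watchlist

# Constructed samples: a legitimate German IDN, and two look-alikes built here by
# Punycode-encoding Cyrillic letters (this is exactly what an "xn--" host hides).
SAMPLE_LEGIT = "xn--mnchen-3ya.de"                                   # münchen.de
SAMPLE_MEW = "xn--" + "myetherwаllet".encode("punycode").decode("ascii") + ".com"
SAMPLE_APPLE = "xn--" + "аррӏе".encode("punycode").decode("ascii") + ".com"

if __name__ == "__main__":
    for h in (SAMPLE_LEGIT, SAMPLE_MEW, SAMPLE_APPLE, "myetherwallet.com"):
        print(h, "->", analyze_host(h, WATCHLIST))
```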

Check the Certificate

First, of course, you’ll have to make sure that the website is using encryption. This will be evident by the presence of “https://” in front of the URL. Next you need to check that your connection is properly secured. Is your browser showing you any of these messages?

If it does, then run! Don’t be tempted to click through and visit the untrusted resource.

Finally, you need to check that the certificate is valid. Does your browser give you its green stamp of approval next to the address? Some companies like MyEtherWallet use extended validation certificates to make it easier for visitors to check if they’re in the right place – look for the green bar displaying the company name.

If you have cause to be suspicious, you can even open the certificate and examine it properly. Check the address, expiry date and the company information to make sure everything’s in order.

Obtaining and Providing Information

Following on from the tip about bookmarking important or high-risk sites, we need to build on the idea that you should always be in control of the websites you visit and your information flow. Don’t trust links in email and always check that you recognise the sender. Ads or pop-up boxes online are also not a good way to navigate to an important website that you already recognise. Instead of clicking that link in a news article talking about MyEtherWallet, navigate to it yourself. That extra step might save you a lot of headache and potential loss.

Another thing to mention is telephone phishing and cold calls. If you have to ring a company, don’t just google for their number; instead, look for a Contacts page on the official website. Don’t believe cold calls or texts from a company, even if their name is displayed correctly on your screen. Always question the reasons for the call and be wary of what information you are asked to provide. You should never be required to give your password or one-time code. Scammers will often make the matter sound urgent so they can lower your defenses by putting you under pressure. Always stop to think, and if you suspect the call is genuine, ask if you can get a reference and ring them back on a number you can verify.


I hope these tips have been helpful – this guide is by no means exhaustive and you can let me know on twitter if I should add something else. Please share this article with your friends; you never know when you might save someone a lot of grief. Stay safe out there!

Powershell – Connect to Office 365 and Exchange Online

Open https://outlook.office.com/ecp in Internet Explorer (yes, I know). Go to hybrid > setup and click the appropriate Configure button to download the Exchange Online Remote PowerShell Module for multi-factor authentication.

In the Application Install window that opens, click Install.

This will create a file on your desktop that you can use to run PowerShell with the Exchange Online Modules.

If you have AppLocker, a network home drive or other policies that would prevent you from running this, you’d need to move the file to an appropriate location on your C: drive and open it as Admin. To do this, you can call it from an Administrator PowerShell window:

& "C:\Folder\Microsoft Exchange Online Powershell Module.appref-ms"

Or you can create a batch file containing the path and run that as Admin.

"C:\Folder\Microsoft Exchange Online Powershell Module.appref-ms"

Once the special PowerShell window is up, you’ll have to connect to the endpoint you need to execute commands on. The first command below connects to Exchange Online, the second to the Security & Compliance Center endpoint; replace user@example.com with your own user principal name:

Connect-IPPSSession -UserPrincipalName user@example.com -ConnectionUri https://ps.outlook.com/powershell

Connect-IPPSSession -UserPrincipalName user@example.com -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid

Key Points from Akamai’s State of the Internet Q3 2016 Security Report

The Q3 2016 State of the Internet / Security Report represents analysis and research from Akamai based on data from their global infrastructure and routed DDoS solution.

Key points and insights from the report include:

  • 71% increase in DDoS attacks between Q3 2015 and Q3 2016.
  • 77% increase in infrastructure layer (layers 3 & 4) DDoS attacks.
  • 18% decrease in total web application attacks between Q3 2015 and Q3 2016.
  • Two attack bandwidth records were set in Q3 – 623 Gbps and 555 Gbps.
  • Application layer DDoS attacks account for only 1.66% of attacks, against the infrastructure layer’s 98.34% share, but have a disproportionate impact.
  • While the number of NTP attacks has increased over time, the total traffic generated by each one has decreased significantly. During the 2014 holiday season, the average NTP flood attack was over 40 Gbps and in the current quarter these have seen a 98% drop in bandwidth volume. This can be attributed to several NTP vulnerabilities having been discovered and subsequently patched by system administrators.
  • The Mirai family of botnets played a big part in recent mega attacks over 100 Gbps. Instead of using reflection mechanisms, it utilises IoT devices and generates traffic directly from them.
  • The top three source countries of attacks in this quarter are China, the U.S. and the U.K. The proportion of traffic from China has been reduced by 56% since last quarter, which has had a significant impact on the 8% overall decrease in traffic in Q3.
  • The average number of attacks per target has increased to 30 this quarter, which suggests that there is a strong probability that once an organisation has been targeted, it should expect subsequent attacks. 427 is the record number of attacks against a single target in this quarter.
  • Reflection-based DDoS attacks saw a decline this quarter, but still were a majority with 51%. DNS attacks were the most common reflection-based attacks.
  • While certain ASNs contain many sources of reflection-based attacks and seem to contain repeat offenders, the vast majority of sources are scattered around the internet, meaning this is not restricted to certain regions or networks.
  • SQLi (48.83%) and LFI (39.97%) make up the majority of application-based attacks.
  • The majority of web application attacks continued to take place over HTTP (68%) as opposed to HTTPS (32%). Most websites still allow HTTP connections instead of forcing the use of HTTPS and as such there is no real motivation for attackers to use HTTPS. As a result many attack tools aren’t configured to use HTTPS by default.
  • Large sporting events like the European Football Cup Championship or the Summer Olympics can have an impact on the volume of web application attacks originating from places where these events are popular. Brazil was the source of 1 million attacks during the 17-day period of the summer games, while in the previous month for the same dates we saw 7.3 million attacks coming from the country. Attacks on web applications are generally more involved and require more intelligence and preparation, which contributes to the impact big events have on the productivity of actors.


External Footprinting Tools for Passive Reconnaissance

dmitry

dmitry or the Deepmagic Information Gathering Tool can be used for a variety of reconnaissance purposes. It ships with Kali Linux and can be used to perform a whois lookup on the domain name of a host and save it to a text file like this:
dmitry -winsepo example.txt example.com

whois

Kind of obvious, but very useful to get initial pointers on names as well as IP addresses.
apt-get install whois

BGP

Looking Glass or bgp.he.net can be used to run BGP queries on an ASN.

scans.io

scans.io provides downloads of TCP/UDP port scans as well as service fingerprints like security certificates and DNS records. Its sister project censys.io allows the data to be queried online as opposed to downloading it.

Side note: pigz (parallel implementation of gzip) is a great tool for interrogating downloads quickly by using multiple CPUs and threads.

shodan.io

shodan.io is the search engine for the internet of things.

Common Crawl

An open repository of web crawl data available at commoncrawl.org.

crt.sh

Comodo’s Certificate Search can find certificates by domain name, organisation name or fingerprint.
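crt.sh is just as useful from the defending side: querying the logs for your own domain shows every certificate a CA has issued for it, including ones you did not request. The following is an added example, not code from the original post or from the crt.sh project: it parses records in the shape crt.sh returns with output=json (the field names issuer_name and name_value are what the site returns; the record values here are constructed), splits the newline-separated SAN list, and reports names missing from a constructed inventory of known hosts.

```python
import json

# Constructed sample in the shape of crt.sh's JSON output
# (https://crt.sh/?q=%25.example.com&output=json); ids, dates and issuers are made up.
SAMPLE_CRTSH_JSON = r"""[
 {"issuer_ca_id": 1, "issuer_name": "C=US, O=Example CA", "common_name": "www.example.com",
  "name_value": "example.com\nwww.example.com", "id": 1001, "entry_timestamp": "2016-09-01T10:00:00",
  "not_before": "2016-09-01T00:00:00", "not_after": "2017-09-01T00:00:00", "serial_number": "01"},
 {"issuer_ca_id": 1, "issuer_name": "C=US, O=Example CA", "common_name": "*.example.com",
  "name_value": "*.example.com", "id": 1002, "entry_timestamp": "2016-09-02T10:00:00",
  "not_before": "2016-09-02T00:00:00", "not_after": "2017-09-02T00:00:00", "serial_number": "02"},
 {"issuer_ca_id": 1, "issuer_name": "C=US, O=Example CA", "common_name": "vpn.example.com",
  "name_value": "vpn.example.com\nmail.example.com", "id": 1003, "entry_timestamp": "2016-09-03T10:00:00",
  "not_before": "2016-09-03T00:00:00", "not_after": "2017-09-03T00:00:00", "serial_number": "03"},
 {"issuer_ca_id": 2, "issuer_name": "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3",
  "common_name": "login.example.com", "name_value": "login.example.com", "id": 1004,
  "entry_timestamp": "2016-09-04T10:00:00", "not_before": "2016-09-04T00:00:00",
  "not_after": "2016-12-04T00:00:00", "serial_number": "04"}
]"""

# Constructed inventory of the hostnames we know we operate.
KNOWN_HOSTS = {"example.com", "www.example.com", "mail.example.com", "vpn.example.com"}

def names_from_crtsh(raw_json):
    """Map every hostname found in crt.sh records to the issuers that certified it.
    name_value holds all SANs of one certificate, separated by newlines."""
    names = {}
    for rec in json.loads(raw_json):
        for name in rec["name_value"].split("\n"):
            name = name.strip().lower()
            if name:
                names.setdefault(name, set()).add(rec["issuer_name"])
    return names

def unexpected_names(names, known_hosts):
    """Hostnames with certificates in CT logs that are missing from the inventory:
    forgotten hosts, shadow IT, or a certificate obtained by someone else.
    Wildcards are reported too, since they cover hosts the inventory cannot list."""
    return {n: iss for n, iss in names.items() if n not in known_hosts}

if __name__ == "__main__":
    flagged = unexpected_names(names_from_crtsh(SAMPLE_CRTSH_JSON), KNOWN_HOSTS)
    for host, issuers in sorted(flagged.items()):
        print(f"{host}: issued by {', '.join(sorted(issuers))}")
```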

How to Enable Two-Factor Authentication on Amazon.co.uk

While two-factor authentication (2FA) isn’t officially available on Amazon UK, there is a very simple way of enabling the feature and making sure that your account benefits from that extra layer of security.

To enable 2FA for your non-US Amazon account, follow the steps below:

  1. Go to https://www.amazon.com and sign in using your Amazon UK credentials.
  2. Navigate to Your Account and locate the Change Account Settings link under Settings.
  3. You may be prompted for credentials again, but after you authenticate, you will be presented with a number of settings. Click Edit next to Advanced Security Settings.
  4. Read the information on the two-step verification page and click Get Started.
  5. Now you need to make a choice between enabling 2FA using SMS text messages or an authenticator app. Let’s consider each option’s features:
    • SMS text message:
      • Doesn’t require a smartphone or extra software, making it very easy to use and manage.
      • It is only available on a single device. If you lose your phone you may be left without access to your Amazon account until you can get a replacement SIM.
      • Requires cell reception to work.
    • Authenticator app (Authy):
      • It is not dependent on cell reception or a connection to the internet.
      • You can generate codes from multiple devices without relying on your phone.
      • Recovering Authy itself, if you only had it on a single device, is likely to rely on SMS verification as well.
      • Amazon uses SMS texts as its backup code verification method in case you lose access to your app!
  6. We will go with Authy for this example, although SMS on its own can be just as good in most cases. Click on the Authenticator app option.
  7. Scan the displayed QR code into Authy and type the token that the app displays back in Amazon.
  8. You will now be asked to enter your backup phone number; any country is allowed. Proceed through the form, verifying your number with the code you’ll receive via SMS.
  9. Agree to the caveat and you’re finished!
Caveat: The last step of activating 2FA on Amazon alerts you to a minor inconvenience seen on mobile devices – they don’t support it. You will still be able to sign in, but you will have to append the code you receive to the end of your password string.


TL;DR: Enable 2FA under Advanced Security Settings on Amazon.com and it will work for the UK site.