Month: May 2023

How to transfer data using WinSCP between a Windows host machine and a guest machine on VirtualBox

WinSCP is a free tool for Windows used to transfer files over different protocols: it is an SFTP client, FTP client, WebDAV client, S3 client and SCP client.

The tool can be downloaded from the website: WinSCP :: Official Site Download

The tool is very easy to use and offers a graphical user interface to transfer files between two Windows hosts (the host machine and the guest machine).

Basic configuration before transferring the data

  1. Install the OpenSSH client and server on both machines.
  2. Activate the OpenSSH client and server services on both machines.
  3. Allow ping requests on both machines:

Type in Windows Explorer: Control Panel\System and Security\Windows Defender Firewall\Allowed apps

Choose the option “File and Printer Sharing”, choose the option “Private” and click “OK”.

  4. Configure the guest machine on “Host-only Adapter” so that it is on the same network as the host machine.

  5. Check that there is a connection between both machines:

Open the cmd command line and run ipconfig on the host machine or on the guest machine.

  6. Go to the other machine and type ping followed by the IP address of the machine above.

NB: At this point, all the configuration is done and you can now transfer the data.
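The configuration steps above as a PowerShell sketch, run from an elevated prompt on each machine. This is an added example, not part of the original post. The address 192.168.56.101 is an assumed placeholder for the other machine's host-only IP, and the last command prints the SSH host key fingerprint so that it can be compared with the one WinSCP shows on the first connection.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell.
# Assumption: 192.168.56.101 is a placeholder for the other machine's
# host-only address as reported by ipconfig.
$PeerIp = '192.168.56.101'

# Steps 1-2: install any missing OpenSSH capability (client and server),
# then enable and start the SSH server service.
Get-WindowsCapability -Online -Name 'OpenSSH*' |
    Where-Object State -ne 'Installed' |
    ForEach-Object { Add-WindowsCapability -Online -Name $_.Name }
Set-Service -Name sshd -StartupType Automatic
Start-Service -Name sshd

# Step 3 check: list what the "File and Printer Sharing" checkbox opened.
# The group contains more than the ICMP echo rules, so review which rules
# are enabled and on which profile.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
    Where-Object Direction -eq 'Inbound' |
    Select-Object DisplayName, Enabled, Profile |
    Format-Table -AutoSize

# The OpenSSH server install normally adds this inbound rule for TCP 22.
Get-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -ErrorAction SilentlyContinue |
    Select-Object Name, Enabled, Profile

# Steps 5-6: local addresses, then reachability of the other machine
# by ping and on the SSH port used by SFTP.
Get-NetIPAddress -AddressFamily IPv4 | Select-Object InterfaceAlias, IPAddress
Test-Connection -ComputerName $PeerIp -Count 2
Test-NetConnection -ComputerName $PeerIp -Port 22 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded

# Before the first WinSCP login: print this machine's SSH host key
# fingerprint. WinSCP shows the server's fingerprint on first connection;
# accept it only if it matches the value printed on the target machine.
ssh-keygen -l -f "$env:ProgramData\ssh\ssh_host_ed25519_key.pub"
```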

File transfer

  • Open WinSCP on the host machine (you can transfer the file from either machine)
  • Choose the protocol you want to use (in our case we use SFTP)
  • Choose port number 22, the SSH port
  • Type the hostname and the username of the host to which you want to transfer the data

Example: open cmd and type whoami (the hostname is shown on the left side and the username on the right side)

  • Enter the password you use to log in to your system and you get connected to the host.
    • Now the file transfer is possible

    NB: You can copy the file, create a folder where you want to add the file and paste it there.

  • As you can see, file transfer is now possible in a secure way using the SFTP protocol.

How to detect and protect yourself from a fake job offer online

Many threat actors use a technique I call a fakejobposting attack. In this attack, the threat actors post or send a fake job offer to many users in order to trick them into performing an action that could be used to compromise their system or account.

The attack usually happens on websites used by job seekers such as LinkedIn, Monster, Indeed and many others.

Usually, the threat actors use the victims as an attack vector to compromise different organizations.

This technique is used by many threat actors such as the North Korean group Lazarus, Golden Chicken and others.

If the attack succeeds, it could lead to further damage such as data leaks, reputational damage and financial loss. Therefore, such activity should be taken into account, and security measures such as security awareness and training should be used to detect and prevent such attacks.

The attack usually happens by sending a malicious link or file with the fake job offer, or by posting a fake job to attract users. Once the user interacts with it, the user's system can be compromised or the user can lose his or her account. It is crucial to know how to tell a real job offer from a fake one.

In the upcoming lines, we will give some details about it.

  • Detection and prevention of the fakejobposting attack:

  1. When you receive a link or file, check it via OSINT tools such as VirusTotal or ANY.RUN (Interactive Online Malware Analysis Sandbox).

NB: You can take the file hash and check it via the tools mentioned above or others to detect whether the file is malware.

Example: to get the file hash, open PowerShell, type Get-FileHash “file name” and press Enter; the hash of the file is displayed.

  2. Check whether the domain is newly created or recently updated, using a Whois lookup such as DomainTools (Whois Lookup, Domain Availability & IP Search). Threat actors often use new domains to target users.
  3. Check the details about the company online, for example with a Google search. Some threat actors mimic known companies; in this case, check other platforms to see whether the job offer is present, or check the job listings on the company website.
  4. When the link sent to you requires a login, never use the password you use to connect to your company portal or to other platforms for personal use such as social media.
  5. When you receive a message on a social media platform such as LinkedIn, check the creation date of the sender’s profile and the picture on the profile. Some threat actors use a fake or newly created profile, and there are now many AI tools used to generate fake pictures, so always check the picture on the profile.

NB: The picture on the profile can be taken from another social media account that belongs to someone else. It is good practice to use Google image search, Microsoft Bing Images or Yandex Images to check that the image was not taken from another platform.

  6. When there is an application to install for the interview, such as TeamViewer, 3CX, Microsoft Teams and others, compare its hash to the hash available from the provider, or take the hash of the software and check it via online tools as explained in step 1.
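The hash check described above (Get-FileHash, then a comparison with the hash published by the provider), as an added PowerShell example that is not part of the original post. The function name Test-Download and the sample file are hypothetical. Beyond the page's hash step, it also reports the Authenticode signature and whether the file carries the "downloaded from the Internet" marker.

```powershell
# Added example, not from the original post. Test-Download is a
# hypothetical helper name.
function Test-Download {
    param(
        [Parameter(Mandatory)][string]$Path,
        # SHA-256 value copied from the provider's official download page
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    # Signature of the installer; 'Valid' means signed and trusted.
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    # Zone.Identifier stream is written by browsers and mail clients
    # for files that came from the Internet (ZoneId=3).
    $zone = Get-Content -LiteralPath $Path -Stream Zone.Identifier `
                -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Sha256          = $hash
        # -eq on strings is case-insensitive; strip pasted whitespace
        HashMatches     = $hash -eq ($ExpectedSha256 -replace '\s', '')
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        FromInternet    = [bool]($zone -match 'ZoneId=3')
    }
}

# Constructed sample: a temporary file stands in for the installer
# received with the job offer.
$sample = Join-Path $env:TEMP 'interview-tool-sample.bin'
Set-Content -LiteralPath $sample -Value 'constructed sample content' -NoNewline
$published = (Get-FileHash -LiteralPath $sample -Algorithm SHA256).Hash.ToLower()

# Matching published hash, then a deliberately wrong one.
Test-Download -Path $sample -ExpectedSha256 $published
Test-Download -Path $sample -ExpectedSha256 ('0' * 64)

Remove-Item -LiteralPath $sample
```

A matching hash only proves the file is the one the provider published, so the expected value must come from the provider's own site and not from the message that delivered the file.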

If you are still not sure, it is better to set up a virtual machine to interact with the link or file to avoid any issues.

You can use any virtual machine of your choice. Make sure that, after interacting with the link, file or software, you use the snapshot feature to go back to the safe state.

How to report a scam attack

Phishing and scam attacks are types of social engineering attack in which the threat actor tries to manipulate the user into behaving in a way that lets the attacker achieve one or more of the following objectives: compromising the host, or stealing data such as PII, PHI, financial data, confidential data, etc.

There are many types of social engineering attacks:

  • Phishing
  • Spam over Internet messaging
  • Spear phishing
  • Dumpster diving
  • Shoulder surfing
  • Smishing
  • Vishing
  • Spam
  • Tailgating
  • Whaling
  • Prepending
  • Identity theft
  • Invoice scams
  • Hoax
  • Typosquatting

The attack is the most used and easiest technique nowadays for threat actors to target victims.

If you have been browsing the internet or using an email address to send and receive messages, then you have probably faced this type of attack at least once.

The attack can be very impactful: organizations or individuals who are victims of this type of attack can lose quantitatively (money) and qualitatively (reputation), so it is crucial to know how to be protected from the attack and also how to report it.

Example of quantitative loss:

Example of qualitative loss:

  • Sextortion abuse. Example: using a social engineering attack to gain access to someone's mobile phone or notebook in order to blackmail the person.

Considering that the attack is the most efficient way to target victims, most users who are impacted by it do not report it, which leads to more victims.

By reporting the attack, you can protect yourself and others. There are many ways to report the attack; below we describe each of them.

  • How to report scam using Gmail

When you receive a suspicious message, you can report it from your Gmail account as follows:

  • Click on the email you received
  • Click on the ellipsis sign (the three dots in the right corner)
  • Select report spam, or use the second ellipsis and select block user

When you do that, the IT department at Google will review the message and block it if it is used for a social engineering attack.

  • How to report scam using Outlook

  • Click on the email you received
  • Click on the ellipsis sign (the three dots in the right corner)
  • Select report junk, block user or phishing; the email will be removed from your inbox and sent to the IT department of Microsoft for further analysis.

NB: The same option is available on other email services such as Yahoo, Hotmail and others.

Reporting phishing abuse over social media

  • Facebook

You can always report strange emails to phish@fb.com.

  • Instagram

You can always report strange emails to phish@instagram.com.

  • LinkedIn

If you receive a phishing message on LinkedIn, you can report it by clicking on the message you received, clicking the More … icon in the right corner and selecting one of the options below:

  • It's spam or a scam
  • It's a scam, phishing, or malware

  • Twitter

If you want to report a post with a link used for a phishing attack, click the More … icon in the right corner and select report Tweet, then click next, start report, choose an option (for example “myself”), next, Spammed.

You can also report social engineering abuse by reporting the domain or URL to a third-party service provider.

Examples:

  • PhishTank List of potential phishing sites: PhishTank

When you receive a phishing email, you can report it via the website. You can also use the website to check whether the domain you received is a phishing domain.

The following page is used by Google to report phishing abuse.

The website belongs to APWG, which is an anti-phishing working group; you can report the phishing email to reportphishing@apwg.org for further analysis.

The website belongs to ESET group to report phishing abuse.

The website belongs to the USA government for reporting different types of phishing abuse.

The website is used to report internet crime such as phishing, ransomware, corporate data breaches and others.

The website is used to report different types of scams or fraud such as Jobs and Making Money, Travel and Vacations, Lottery, Sweepstakes, or Prize Scams, Online Shopping/Internet Services/Computer Equipment and others.

Phishing Initiative helps fight against phishing attacks.

When you report the address of a suspected phishing website, it will be analyzed and blocked if the address is a malicious one.

When you report the URL or domain, they will analyze it and take it down if it is malicious.

In conclusion, a social engineering attack is easy to perform but its impact can be devastating. Reporting the attack will save many people, so it is crucial to report it as soon as possible to lessen the impact and stop it.