On Wednesday the 3rd May 2017 a Phishing campaign propagated across the internet effecting Google users. It was like nothing we’ve seen in recent years. Now the issue has been resolved and the risk mitigated it’s time for some reflection. I’m sure you will be aware of how the Google Docs phishing campaign spread, users were tricked by authorising a… Read more →
When we look at online social media, it has been adopted in one flavour or another by nearly all of us. The way we project our persona online has slowly replaced the media of yesteryear. Expression is nothing new; throughout history, people have displayed their wealth, status, literary prowess and wit in the hope of being desired, feared, pondered and… Read more →
So it turns out us humans aren’t the only ones with a few flaws when it comes to an inbound phishing email! Often uttered from the crowds at every infosec event is the dreaded cliché statement, “Well, humans are the weakest links in security” but not today, stand proud as we take the time to shame our binary companions. In testing and teaching… Read more →
It’s always DNS. If something has broken online the first step is normally checking what the DNS is doing. Similar when we try to discover all we can about an organisation in the recon stages of any assessment it’s also DNS that makes a re-appearance first on the list. ‘Hackers’ or in our case – ethical social engineering consultants, will… Read more →
Last week you might have heard in the press about a phone scam that’s is supposedly sweeping the nation. The dreaded, super sneaky ‘Can you hear me’ scam. Fraudsters will ring you and ask the question “Can you hear me?”. When a victim replies “Yes” the audio is recorded and used to entrap you in a legal contract. Now even… Read more →
Recently I stumbled across a publication from HMRC, it stated the forms of communications they would use to contact the tax paying public. Example messages were displayed in an attempt to ‘whitelist’ communications. Basically, if you receive correspondence that looks like the examples listed, it could be from them. Some excerpts from the article found here read: Text messages HMRC is… Read more →
This is a copy of a guest blog authored for Ascertus Ltd, feel free to read the post over here. Whilst content in our 9 – 5 employment, slightly resentful that our personal activities aren’t getting the attention they deserve, it’s easy to forget about the true value of things around us – especially their inherent value to other walks… Read more →
Over 100 Billion SMS messages are sent per year in the U.K., whilst this figure continues to fall due to mobile device users opting to use alternative communication mediums such as WhatsApp, Facebook Messenger and Signal – we are still a nation dependant on this older form of messaging. If you think it’s going to disappear anytime soon you should… Read more →
It’s been 2 years to the day since The AntiSocial Engineer Limited was founded; The seasonal timing and also the fact we seem to be doing enough right to pay the bills have made us sit down and question where we take it from here. It sure has been educational and part of our future plans came from a reflection on… Read more →
As an English speaker, I mainly stick to Latin characters and some symbols that cover my day to day needs. I demand payment in £, I add a few &@! to my passwords and I am known to include the odd mathematical UTF-8 character when expressing my <3 of something. But the latin language has many more variants, IDN character… Read more →
In recent Apple iMessage updates, the way links are handled within an SMS message have changed significantly and this adaptation poses quite a concern for us. Early 2016 we were the first company in the UK to offer SMShing services, these SMS messages are like phishing emails and contain a pretext alongside a link within the message. When a mark… Read more →
For nearly a year we have had a tale we’ve told to friends and business associates. The tale involves TalkTalk and how one day we found the data breach, alerted them and sparked the controversy that we all know to this day as ‘The TalkTalk Breach of 2015’. It’s been a funny year, with one NDA or another we’ve sometimes even… Read more →
To a modern business, a data breach can have devastating effects. We have seen TalkTalk hastily bungle, Sage coyly dawdle and much more generally mess it up, it’s got to change. We don’t spend all day hunting these elusive beasts either, but we have had our involvement in both mentioned breaches and feel we could offer some public insight to the very elusive modern mishap.… Read more →
Personal details and bank account information for employees of as many as 300 large UK companies may have been compromised as part of a data breach at Sage, a UK accountancy software group. August 11th, 2016 Sage UK Payroll services started notifying customers of a data breach effecting their staff payroll systems. A rather generic statement was believed to be provided… Read more →
So it might not be immediately apparent but when I am not hacking things and complaining about the lack of security in businesses, I also do mundane things. I tidy the house, I go shopping for soy milk and vegetables, I have recently adopted running and when i’ve done all the basics of life, I even try to complete the… Read more →
The term insider threat is brandished around quite a lot these days, companies often talk about the weakest link in security being people. I guess they are almost right in what they say, but I can still dream about the world in which people can actually be one of our biggest strengths. The typical company sees the classic insider threat… Read more →
Original article by IT Governance: here So a while back I was interviewed by Lewis Morgan from the IT Governance Blog and thought i’d share this on the site. It is a little tongue in cheek reading it back actually! But genuine none the less. First, let’s quickly cover the basics: what is social engineering? Well, a good question straight… Read more →
One advantage of running a small boutique consultancy is I get to steer the business activity towards subjects I personally find interesting. Throughout my career, I have always been fascinated with frauds and that is where my focus normally lies. It’s that magic-like performance for me that has a very similar feeling to the showmanship of great magicians. When you watch a magic… Read more →
The AntiSocial Engineer Limited is supporting the Yorkshire Cyber Security Cluster to announce the first annual Yorkshire Cyber Security Event taking place on the 12th May at the 3m Buckley Innovation Centre in Huddersfield. We will be talking about our recent research into SIM Swap Fraud and sharing tips on how to keep safe online, we are even providing the refreshments… Read more →
In this post, I wish to cover ‘Sim Swap Fraud’ and some of the ways we can prevent it. I’m not a natural writer, I only do these blogs in hope people will listen up and improve security. So feel free to read the Vice Post inspired by this research instead. The last time I wrote a blog like this was… Read more →
SMShing Explained SMShing is a common attack method used in the wild to target companies, using targeted text messages towards staff mobile phones. These messages can be generic or a more focused ‘spear’ type message, depending on how much information is already known by the attacker. The sender ID of any SMS can be edited to use a custom name resulting… Read more →
I grew up in Yorkshire and of all the likeable local traits there is, there is one I despise. The gruff, basterdised local accent. Londoners mistakenly view you as a farmer and there is no risk of hearing the tones of how we speak on the ten o’clock news. I was 12 when I learnt that ‘nowt‘ was not a… Read more →
One of the most interesting skills we have honed over the years has been the use of OSINT techniques to gather information on my client company. For those new to all this, it’s ok because you can follow quite easily and should learn a few things that might help with everyday life. Let me apologise for the first obscure word… Read more →
When considering the security threats your organisation will encounter you would be forgiven if the humble bin slipped your mind. Every instance of this invisible cyber, hacking, scare story we receive on the media these days is referring to ‘complex and sustained attacks’. The innocent rubbish receptacles definitely don’t seem complex… But there is a wealth of knowledge hidden amongst… Read more →
