Normally smaller news articles murmur on the internet days before the release of a data breach, we’ve seen it with Equifax and we have seen it with many other corporate giants. But sometimes reading between the lines you can pick …
As We Grow
It was Christmas Eve 2014 when I started The AntiSocial Engineer Limited. It was founded from a passion to secure people online and fuelled by utter hatred of how the information security industry was. The aim was simple, I wanted …
Phishing, Evolved.
When we talk about phishing, the first thing people would associate with is the traditional phishing email. The click here. The “urgent action needed” kind of junk we see everyday in our inboxes… but is this still the case? Are …
Two Factors Of Security
Note: Before starting this article we couldn’t miss the opportunity to recommend people to this web page should you need help setting up two factor on your accounts – https://twofactorauth.org/ Google’s announcement that 10% of users use 2-factor authentication has …
Advanced Phishing Techniques and TalkTalk
We have already had our dealings with TalkTalk as covered in our earlier blogs here and here. We felt the need to disclose their 2015 Data breach previously, but it does disappoint us to need to write again. This isn’t a …
The Making of a Drop Box
A drop box is a small computer designed to be connected to a corporate network, once connected it should enable attackers remote access to the network through a variety of methods. We have seen similar devices used in the wild …
Malicious Packets
Recently we had quite an interesting engagement and we have been allowed to share some of the details! Objective: Gain physical entry to a building for the purpose of impromptu network penetration test and wireless testing. Company Arena: Global Offices, …
Exploiting Chrome Attacks to Educate Staff
Social engineering attacks can normally be quite deceptive and hard to understand, the attack should be a little like magic in the way a victim should be left questioning how you did it after it’s all over. Although as an industry …
Opening Up Fraudulent Invoices
We often talk about the unknown ‘attackers’ out to get us in the context of cyber security, but the majority of these types are not confrontational people – they barely deserve the term attacker. They hide in the shadows with …
Gibraltar Cyber Security Summit
We attended the Gibraltar Cyber Security Summit this week. It’s an initiative to bring together policing departments, local authority and cyber crime related experts. Speakers from the AFP, FBI, NCA, GCHQ and others took to the stage to transfer essential …
Phishing Robots
So it turns out us humans aren’t the only ones with a few flaws when it comes to an inbound phishing email! Often uttered from the crowds at every infosec event is the dreaded cliché statement, “Well, humans are the weakest links …
Naughty Name Servers
It’s always DNS. If something has broken online the first step is normally checking what the DNS is doing. Similar when we try to discover all we can about an organisation in the recon stages of any assessment it’s also …
The ‘can you hear me’ scam
Last week you might have heard in the press about a phone scam that’s is supposedly sweeping the nation. The dreaded, super sneaky ‘Can you hear me’ scam. Fraudsters will ring you and ask the question “Can you hear me?”. …
Will they send a SMS or won’t they?
Recently I stumbled across a publication from HMRC, it stated the forms of communications they would use to contact the tax paying public. Example messages were displayed in an attempt to ‘whitelist’ communications. Basically, if you receive correspondence that looks …
Lawyers Must Recognise the Value of their Data
This is a copy of a guest blog authored for Ascertus Ltd, feel free to read the post over here. Whilst content in our 9 – 5 employment, slightly resentful that our personal activities aren’t getting the attention they deserve, …
Project ‘Sender ID’
Over 100 Billion SMS messages are sent per year in the U.K., whilst this figure continues to fall due to mobile device users opting to use alternative communication mediums such as WhatsApp, Facebook Messenger and Signal – we are still …
How to nearly buy Google.com for £8
As an English speaker, I mainly stick to Latin characters and some symbols that cover my day to day needs. I demand payment in £, I add a few &@! to my passwords and I am known to include the …
iMessage Preview Problems
In recent Apple iMessage updates, the way links are handled within an SMS message have changed significantly and this adaptation poses quite a concern for us. Early 2016 we were the first company in the UK to offer SMShing services, …
InfoSec Interviews – Richard De Vere
Original article by IT Governance: here So a while back I was interviewed by Lewis Morgan from the IT Governance Blog and thought i’d share this on the site. It is a little tongue in cheek reading it back actually! But …
Sim Swap Fraud – Porting your digital life in minutes.
In this post, I wish to cover ‘Sim Swap Fraud’ and some of the ways we can prevent it. I’m not a natural writer, I only do these blogs in hope people will listen up and improve security. So feel free …
Abusing automated call handlers
I grew up in Yorkshire and of all the likeable local traits there is, there is one I despise. The gruff, basterdised local accent. Londoners mistakenly view you as a farmer and there is no risk of hearing the tones …
Rubbish Security
When considering the security threats your organisation will encounter you would be forgiven if the humble bin slipped your mind. Every instance of this invisible cyber, hacking, scare story we receive on the media these days is referring to ‘complex …
Social Engineering & TalkTalk
This month I have been looking at the way in which a small minority of TalkTalk customers are suffering from the rise in social engineering attacks. It seems post CPW/TalkTalk breach real evidence of further frauds is apparent. Victims can …
Should brainwaves be used for employee screening?
An interesting article by SC Magazine regarding a study that suggests brainwaves could be used to assess if an applicant will be a security hazard. At The AntiSocial Engineer we believe staff are never beyond help, we work together to …