What is Ethical Hacking?

Ethical hacking, sometimes known as white hat hacking is when a digital forensics expert or OSINT investigator attempts to penetrate a computer system, network or app on behalf of the owners – with their permission. Ethical hacking is usually done to find if there is any security vulnerabilities that a hacker or cybercriminal could use to exploit someone.

The purpose of ethical hacking is to test the security of the systems involved and identify if there are any vulnerabilities in the system as well as the network or infrastructure. Investigators involved will often attempt to exploit the vulnerabilities themselves to see whether malicious activities are possible.

Black hat hackers are the unethical counterpart of ethical hackers. Rather than take advantage, ethical hackers will use their skills to document if there are any weaknesses in the systems and give advice on how to fix them and then strengthen their overall security systems.

Here are some ways ethical hacking done by digital forensics experts involve in OSINT (Open Source Intelligence) can help businesses and organisations:

1. Finding Vulnerabilities: By using ethical hacking you can discover if the IT security measures are working properly as well as whether they need to be updated. A business can use the advice from ethical hackers and improve their overall security to stay safe from cyber-attacks, including online scams and fraud.

2. Demonstrate Cybercrime Methods: These demonstrations can help show users how malicious hackers will attach their systems and create disasters for businesses. Those who have an in-depth knowledge of this are better able to prevent it from happening again in the future.

3. Prepare for a Cyber-attack: The one way to destroy a business is a cyber-attack, especially small businesses, but businesses are still not prepared! Ethical hackers know how cybercriminals work so they can assist businesses and business owners with prepare for the future and better adapt to online threats.

Some say that hacking is hacking, but ethical hacking is done by professionals to assist businesses and organisations with their security systems and ensure they are effective and successful.

Is your security system up to par? Contact the OSINT or digital forensics department on 021 110 0422 or email contact@osint.co.za | contact@tcgforensics.co.za. Alternatively, you can find out more on the website www.osint.co.za | www.tcgforensics.co.za

Are you Flirting with a Dating Bot?

Guess what, dating bots are a real thing and falling for one is easier than you think.

Online dating is supposed to be fun and convenient, you get to chat with new, fascinating people that could potentially turn into love interests plus it takes away that first-date awkwardness.

But it’s never that simple.

Dating online has many pitfalls including dating bots that clog almost all the online dating sites you use. Did you know that almost 60% of traffic online is generated by bots? This includes dating websites and social media sites.

Online dating bots are specifically designed to chat with you and trick you into paying membership fees on dating websites; they can even trick you into giving out your private information such as your banking details.

Here’s how to recognize a dating bot:

• Their profile picture is a professional glamour shot.
• They profess their undying love for you a day or two after chatting.
• They make promises to meet you in person, but something always comes up.
• They ask you for money for things such as emergency medical bills, travel expenses, etc.

It is important that you know that there is a difference between dating bots and malicious scammers. A scammer is a cybercriminal who wants to steal your money and possibly your personal information, but a dating bot is an automated computer script.

Are you flirting with a dating bot? Here are some signs to look out for:

• They have automated scripts so they will respond to your messages really fast.
• They don’t respond directly to you if you ask a specific question instead, they’ll respond with a series of lines.
• They don’t have mutual friends or interests.
• They immediately encourage you to visit a specific site or share your personal information with them.

Despite all the negatives about online dating, in this day and age online dating is a great way to meet new people and possibly find your perfect companion.

If you think you’ve been scammed, contact OSINT immediately on 021 110 0422 or email contact@osint.co.za.

10 silly things you do online that are putting you in danger!

You may not be someone who takes risks. You may be someone who follows all the rules, you pay your bills on time, you always wear your seatbelt and you even put on sunblock when it’s a cloudy day.

But do you follow all the rules when you’re online? Are you exposing yourself and your money to the dangers that lurk on the internet? Here are 10 silly things that you might be doing that put you at risk!

1. You just assume that online banking websites are safe. Cybercriminals will go where your money goes, so going to a fake banking site and not noticing before you put in your private login details and password can easily lead to cyber theft.

2. You’re doing your online shopping in shady places. You see a great deal online, but you need to be cautious before you visit just any online shop and click “Add to Cart.” Always enter the URL directly and make sure the site is reliable and well-known.

3. You use the same password for everything. If you’re not taking the time to think of unique, different passwords for all your accounts then cybercriminals will have no trouble stealing your money. Each one of your passwords should be a minimum of 12 characters and include upper class and lower class letters, at least one number and a special character.

4. You don’t know who your friends are. It might make you feel cool to be friends with everyone from your hometown, but it is always advised to be cautious when accepting just any friend request on Facebook. Do not accept anyone you don’t know personally!

5. You never question anything. You should always be on alert when you go online and question how legit the websites are when you visit them, you could potentially lose money and private data. Never click on ads and links from suspicious emails or SMS messages.

6. You’re being too open. You might just think it’s a Facebook post, but when you include personal details such as your address, school, place of work or family history then you’re giving cybercriminals clues to gain your passwords.

7. You never bother to read the fine print. Nobody enjoys reading the Terms and Conditions that is why online businesses know they can take advantage and sneak some things past you. Do not accept the Ts and Cs without reading them or you could be giving away your online privacy.

8. You do your shopping and banking using public Wi-Fi. Cybercriminals love to use public Wi-Fi hotspots to trick you into connecting to a malicious network. Always be wary of public Wi-Fi links and make sure your network is completely secure – your best bet is to just use your data connection for important transactions!

9. You jailbreak your mobile devices. By jailbreaking your device you are doing more than adding features, you are taking away vital protections and inviting cybercriminals to hack your smartphone or tablet. Avoid jailbreaks, third party download sites and suspicious apps.

10. You don’t know what your kids are doing online. If you have children you should always know what websites they are visiting as well as what social media networks they are using. The internet is going to be a part of their life whether you like it or not, so help them learn about cyberbullying and online etiquette.

Are you exposing yourself as well as your private data to the dangerous cybercriminals that lurk online? If so, be sure to take the right steps to avoid making these silly mistakes. 

Should you need any assistance or have any questions please contact the OSINT | Open Source Intelligence Division or Digital Forensics on 021 110 0422 or email contact@osint.co.za additionally you can take a look at the website www.osint.co.za | www.tcgforensics.co.za

The Top 4 Malicious File Attachments to look out for

Billions of messages are sent out every day by spammers, most of it is annoying advertising and harmless in general, but every now and again there is a dangerous file attachment in one of the messages!

To trick you into opening the attachment, most spammers will pretend it is something useful or important such as a Word document, gift card, a PDF, etc.

Here are the top 4 dangerous file attachments to look out for…

1. ZIP and RAR archives – Cybercriminals like to use archives to hide the malware they are trying to send you! On Valentine’s Day this year attackers were sending out files named Love_You_0899 to people into clicking them and installing ransomware.

2. Microsoft Office documents – Word documents as well as Excel spreadsheets are some of the most popular Microsoft Office files cybercriminals love to use. Most of the time, they will target office workers and disguise the malware files as urgent messages, contracts or bills.

3. PDF files – A lot of people know about Microsoft Office booby traps, but not much about PDF files. Cybercriminals are fond of concealing malware in PDF files because it can be used to create and run JavaScript files as well as phishing links in the documents.

4. ISO and IMG disk images – These files are rarely used however lately cybercriminals have been using these files to spread malware. Attackers will use the disk images to deliver malware to a victim’s computer by putting a malicious executable file inside the image.

Do not be fooled by file attachments that seem to be an amazing offer, important PDF or urgent  message!

Never open suspicious emails from email addresses you do not know and always use a the right security tools that will notify you of any dangerous files and notify you of them.

Do you feel unsafe? Be sure to contact OSINT | Open-Source Intelligence on 021 110 0422 or email contact@osint.co.za otherwise learn more on www.osint.co.za

The 7 Worst Social Media Scams

Cyber criminals are everywhere, they’re even terrorizing your social media news feed!

In this day and age your personal information such as where you go, what you do, who you chat to and what you like can be used as valuable data by cyber criminals. These cyber criminals will sell your private data to people who will use it to target ads, launch campaigns and other malicious operations.

You may be thinking to yourself, I’m only one person; no one is going to target me. Well, you’re very wrong! Should you fall victim to a social media scam it not only affects you, it affects your entire network of friends and contacts.

Make sure you know these common social media scams and avoid them as best you can…

1. Quizzes, Surveys & Contests. These scams are cute enough to make you think they’re completely innocent. And while you might think it’s all fun and games when they ask you your mothers date of birth or maiden name so you can see what Game of Thrones character you are, they are in fact getting information about you and your loved ones – do not click on these!

2. Clickbait. It’s almost irresistible to ignore that headline and not click on that unbelievable article, but the truth is it’s just bad actors doing a really good job at knowing what clickbait will tempt you. Should you click you’ll be redirected to where they want you to go, most of the time it’s to a fake login page where they can steal your information!

3. Cash Requests. Someone you know is desperately asking for money be aware that it could be someone who has hacked into their account and is not spamming every one of their friends, asking for money. Always double check with your friend if you receive a request for money on a social media website.

4. Short URLs. They save space, but criminals on social media sites are using these shortened URLs to trick you into clicking them and spreading virus, malware and so much more! Before you click on anything, check on http://www.checkshorturl.com/ to ensure it will take you to the official website.

5. Suspicious Friend Requests. This one is obvious, but whenever someone sends you a friend request always ask yourself, why? If you can’t think of a reason rather ignore the friend request. In today’s digital world, you can never trust the kindness of strangers, especially those on social media.

6. Double friend Requests. You have probably experienced this one before, you received a friend requests from a friend you already have and justify it as their new profile or a mishap and accept the request. Well, it’s not your friend; it’s a cybercriminal hoping you let them in!

7. Fake Emergencies. These “emergencies” will seem to be from a friend or the social media site itself informing you of something critically important on your account. Cyber criminals are hoping you’ll be a panicked state and enter your login details, giving them access to your private information. Never trust links within messages, posts, or emails.

The good news for you is that these scams are easy to spot and avoid, the bad news is that millions of users who are not tech-savvy will be innocent enough to fall for them!

Have you fallen victim? At OSINT, we will do what we can to assist you, call 021 110 0422, email contact@osint.co.za or learn more here www.osint.co.za

Are you Dating an Online Scammer?

Dating scams cost unsuspecting people money as well as heartache each and every year, but still people continue to fall for the tricks and so online dating scams continue to rise.

These cybercriminals will play a long game to cheat you out of your money, rather than using a simple phishing email or scam. If you are using an online dating app or chatting on social media, please be aware that these cybercriminals do exist and you could even dating one!

Be sure to look out for these signs to tell if the person you’re dating online is actually a scammer!

1. Suspicious Profile

A typical scammers dating profile will have only a few images that have been posted recently. Most often these images are model or glamour stock photos. They’re looking for singles in your area, but they work or live in another country. Be wary if the profile has limited information and only one or two photos.

2. Moving the Conversation

Online dating scammers will try their best to move the conversation to another form of messaging such as Skype, Facebook, WhatsAppor SMS. If they try and take the conversation elsewhere – be on alert!

3. Professing their Love

You’ve just started chatting and they profess their love for you and gush about the deep emotional connection you have. This is all a way to emotional manipulate you, especially if you are feeling isolated and vulnerable at the time. Always lookout for those who are overly flattering in the early stages of the communication.

4. Something always comes up

A common line used by scammers is planning to meet up with you but then an unexpected issue always comes up just before it happens. Because they can’t meet up with you, this might even be one of the first reasons they ask you for money, perhaps they’ll lie and say they don’t have money for a plane ticket or to travel.

5. Avoiding Video Chat

Did you know that the majority of online dating scams go back to those living in Nigeria? So they may avoid phone calls or voice chats because their accents and appearance will give them away. No matter where they are from, someone scamming you will be using fake photos so they will always make excuses not to video chat. Do not be fooled by someone who says they love you and then blames shyness for not wanted to communicate over video.

6. Requesting Money

The ultimate goal that an online dating scammer has is to rob you of your money, so there are a range of scenarios they will make up. Some of the most popular include: a sick family member or emergency, health issues and travel problems. You are definitely the target of a scam if you ever get any kind of financial request!

7. Assisting with Financial Transactions

A newer kind of online dating scam is turning the victim into a money mule or money laundering accomplice! Be on full alert if you are ever asked to do any kind of financial transaction or exchange, they would possibly be luring you into doing something illegal.

If you choose to date online, please be sure to take the right measures to protect yourself and overall just use your common sense.

If you think you’ve been a victim of an online dating scam or perhaps you think you might be dating a scammer right now – contact the OSINT department in South Africa on 021 110 0422 or email contact@osint.co.za | alternatively visit the website to find out more www.osint.co.za

How does a Criminal hack your Cellphone?

A lot of people would be really surprised if they knew how easily hackers gain access to cellphones to steal personal and private data or information.

These days cyber criminals have software and systems that can hack your mobile phone with just your number, where they listen to your private calls, read your messages and emails, access your online banking and anything else you store on your phone.

A hacked phone is a concern to most people, but it is even more of a concern to massive enterprises and businesses across the globe. Cellular phones are used daily by businesses and often sensitive information is shared over calls and through messages, meaning a hacked phone can lead to loss of financial data and important customer information!

What is even scarier is the fact that tutorials on how to hack cellphones can be found on the internet for just about anyone to access. This is why it is so vital for everyone to set up security to protect their mobile phone and communications.

Did you know that every year billions of phones are hacked because they are unprotected?

Securing your phone and communications from hackers requires multiple steps including creating secure, unique passwords, avoiding public Wi-Fi connections, and diligence in checking links in emails and messages to ensure authenticity before clicking on them, and encrypting calls and messages.

Are you looking for professional digital forensic services which include cellphone analysis, penetration testing, image enhancements and so much more? Call the TCG Digital Forensic’s team on 021 110 0422 or email contact@tcgforensics.co.za

The 5 cyber-attacks you're most likely to face

The fact is most companies face the same threats and should be doing their utmost to counteract those risks. However at some point you may lose your precious data to a vicious cyber-attack, if you’re ever in this position, contact the experts at DLA for assistance!

Here are the five most common successful cyber-attacks.

Cyber-attack No. 1: Socially engineered Trojans

This is the No. 1 method of attack. Usually, a website will tell users they are infected by viruses and need to run fake antivirus software. Also, they're nearly out of free disk space and need a fake disk defragger. Finally, they must install an otherwise unnecessary program, often a fake Adobe Reader or an equally well-known program. The user executes the malware, clicking past browser warnings that the program could possibly be harmful. Voilà, exploit accomplished!

Cyber-attack No. 2: Unpatched software

Coming in a distant second is software with known, but unpatched exploits. The most common unpatched and exploited programs are Java, Adobe Reader, and Adobe Flash.

The best countermeasure is to stop what you’re doing right now and make sure your patching is perfect!

Cyber-attack No. 3: Phishing attacks

About 70% of emails are spam. Even though there are anti-spam vendors, you will probably receive several spam emails each day, and a least a few of them each week are darned good phishing replicas of legitimate emails.

Cyber-attack No. 4: Network-traveling worms

Computer viruses aren't much of a threat anymore, but their network-traveling worm cousins are. We don't see the massive outbreaks of the past with email attachment worms, but the network-traveling variety is able to hide far better than its email relatives.

Cyber-attack No. 5: Advanced persistent threats

APTs usually gain a foothold using socially engineered Trojans or phishing attacks.

A very popular method is for APT attackers to send a very specific phishing campaign -- known as spearphishing -- to multiple employee email addresses. The phishing email contains a Trojan attachment, which at least one employee is tricked into running. After the initial execution and first computer takeover, APT attackers can compromise an entire enterprise in a matter of hours. It's easy to accomplish, but a royal pain to clean up.

The Profile of a Cyber Criminal

The original cyber criminal is typically seen as a smart, lonely deviant – a teenage or adult male who’s long on computer smarts, but short on social skills. But like most stereotypes, it doesn’t begin to tell the whole story.

The digital forensic experts at DLA have provided interesting facts and statistics to identify the exact profile of a cyber criminal.

- Every day over 105 million worldwide are victims to cyber crime.

- 65% global internet users have been victims of cyber crime.

So, who exactly are these cyber criminals?

Ageless Society

• 50+ years old – 11%
• 35+ years old – 43%
• Under 25 years old – 29%
• 14 - 18 years old – 8%

Gender

• Male – 76%

Work in Packs

Cyber criminals work in groups as part of larger organisations…

• 25% active cyber criminal groups have operated for 6 months or less
• 50% cyber criminals groups have 6 or more members

Located in

• North & South America – 19% of global attack traffic
• Europe – 28% of global attack traffic
• APAC – More than 49% of global attack traffic
• Indonesia – Highest in APAC with 14%

Highly Organised

• Full-fledged businesses with execs, middle managers and workers.
• Underground chat rooms, web portals + market places for hiring hackers, buying malware + other illegal information are supporting these “businesses”.
• Invitation-only, help wanted portals specifically for cyber criminals, most originating from Russia.
• Hosting providers are key to success of cybercriminals who need servers to store illegal code, malware + stolen data, most of these providers are in Russia and China.

FIGHT BACK!

Always

• If buying merchandise or making a payment online, make sure it is a reputable, secure source.
• Track your online credit transactions often for fraudulent activity
• Shred, don’t throw away any bank or credit card statements

Caution

• Be wary of providing credit card information through email.
• Be cautious when dealing with individuals from outside your country.
• Be cautious when money is required up front for any job lead.

Never

• Never provide unknown prospective employers with your social security number.
• Never give your credit card number out over the phone unless you made the call to the known business.
• Never open or respond to spam emails.

We can’t stop cyber criminals from attempting their crimes, but we can stop them from getting our identities and precious information online.