...
Mother's maiden name... - Phishing Hall of Infamy - Day 3
Harri Freeman 26 Jul 2017 09:28 Edited on 26 Jul 2017 at 09:29
Hi all,

Welcome to Day 3 of The Phishing Hall of Fame on AXELOS Community!

It’s vital for your employees and colleagues to understand what they should and shouldn’t share on social media. Therefore, today we’d like to test your ability to identify vulnerabilities in some fictional social media profiles. All you need to do is identify 5 vulnerabilities (there are more than that if you want to keep searching!) and explain how they could be used to assist in a cyber-attack.



Before you go, remember to complete today's RESILIA quiz 
 
...
26 Jul 2017 12:00
The vulnerabilities I see here are:
- Picture of credit card
- His name and initial
- Hospital where he was born
- Email address
- Profession i.e. Banking
- Screenshot of his calendar
- All his passwords have 1 at the end
...
26 Jul 2017 15:02
Yes... and the list goes on :)
...
26 Jul 2017 15:13
Sorry, I missed out the last part, the how - this information could be used for identity theft
...
26 Jul 2017 14:55
Nowadays a lot of communication happens through social media. Hackers are taking this opportunity to attack others' sensitive information for misuse.

The vulnerabilities from social networking areas like Facebook, LinkedIn, Twitter, Instagram, Orkut...
 

1. Sending links that have malware...
2. JPGvirus - The collection of computers that generate harmful files upon running a malicious application on Facebook
3. Stuxnet worm - by spreading itself through the network either by file sharing or through shared folders. The PC which has been infected through this worm is connected to the network and has the shared folder.
4. Print Spooler vulnerability. This worm affects the systems that share a common printer.
5. .lnk Vulnerability - server gives some specific commands, the coding of some system that is connected to it,
6. Sending phishing mails to the connected people
  
Some ways to save us are:

Accept known people into network
Filter people out in case any misuse is identified
Do not share confidential details through social media
...
26 Jul 2017 15:00
The ways of asking for personal information are tricky..
as we are part of the network.. reaching is easy
Common verification questions from various organizations:
SSN number
Date of birth
Mother's maiden name
Address, email, physical address
password hints
Phone number

 
...
28 Jul 2017 10:12
Hmm...
I see why my organization filtered some social websites (not for using it but the damage caused by malware)
...
13 Sep 2019 08:54
Hi,

Sharing such information on the vast internet is by default a bad idea.

You can gain knowledge from this information and set up malicious activities like:
  1. Targeted attacks (like spear phishing)
  2. Social engineering
  3. Impersonation
  4. Spreading fake news
These are just some ways to exploit sensitive information. Many more are out there!

Have a nice day,

Pieter
...
13 Sep 2019 08:56

Hi,

Crawlers on the internet search for such information and put it in publicly available databases, or the information is sold on the black market, e.g. the dark web.

There are websites like https://haveibeenpwned.com/ where you can check whether your account has been compromised.

Have a nice day,

Pieter

...
13 Sep 2019 08:59
Hi,

I’ll list 3 sensitive pieces of information here, which you can get from the examples given:
  1. Social Security Number
  2. Phone number
  3. Password guideline

Have a nice day,

Pieter