[00:00:00] Many of the social threats we face can be mitigated with the same type of security controls. So the threats I'm referring to here are things like identity theft; social engineering like phishing, vishing, smishing; scams and cons; as well as things like doxing and spam. In this video I'm going to talk through the security controls that protect you from these social threats. And these security controls can be split into two categories. The first we'll cover is behavioral changes. This is changing what you do to doing something safer instead, such as not downloading and running an executable from your email. The problem with behavioral changes, though, is that it relies on us humans, and we are fallible and often forget to do the right things. The second type of control is technical security controls, such as using sandboxing on your email client or browser. And of course we use defense in depth so that we have layers of both types of security controls to protect us.

[00:01:03] So we will implement behavioral and technical security controls to protect us against these social threats. So let's start with behavioral changes in order to protect ourselves from these threats. The number one defense against social attacks is: if you didn't request it, do not click on it. Do not respond to it, and be immediately suspicious. This includes your emails, SMSs, telephone calls, messages, things that pop up on the screen, messages within messaging apps. If you didn't request anything, always be suspicious of it. Some of the messages you can get can be very enticing and seem legitimate, but if you didn't request it, or you weren't expecting it, then it should always be considered suspicious. If you have subscribed to an emailing list, then you are expecting the emails and those are fine, but if you suddenly get an email you never requested, then it should be immediately considered suspicious. So remember, if you didn't request it, do not click on it.

[00:02:03] Next is: never download and run any file you don't 100% trust, especially not if you've been sent it via a link or via an attachment from an email that you did not expect. All email attachments should be considered suspicious and should be put through some technical security controls that we'll detail later, so don't run attachments and files that you don't 100% trust. Never enter things like usernames and passwords or personal information after following a link or a pop-up. Always, always go to the site by typing the URL yourself into the browser. In fact, these days, companies should not be sending out links in emails asking you to log in and enter personal information. You will find that companies that understand security don't do this anymore; they ask you to go to the site and log in without providing a link.

[00:02:57] They tell their users that they never send out links, because they want to train their users not to click on links sent in emails to their site, because they know that that very same tactic is used in phishing attacks, so they want to train their users out of receiving links in emails and clicking on them to their site. So never enter usernames, passwords, or personal information after following a link. Go to the site itself; enter the URL yourself within the browser. You can attempt to validate the link. In the section on know your enemy, we talked through how links are manipulated, so you can check to see whether it conforms to any of the known attack types and link manipulation techniques. So are there any subdomains? Like we can see here, so we have a subdomain here, so we know that that's dodgy looking, and that's the real domain. Are there any subdirectories? Here we can see some subdirectories, so we know that that's a dodgy URL. That's the real domain. Are there any misspellings?

[00:04:07] And here we go, misspellings, that's a dodgy domain. So it may be tricky to understand, as I've gone through this, which are the real domains, depending on your experience. So the real domain is the one that is to the left of the high level domain, that's the high level domain, and it has no slash to the left of it. High level domains are things like dot com, dot net, dot org, and when we say that there is no slash to the left of it, this does not include the slash in the http://. Are they using IDN homographic attacks? So here we can see them using zeros instead of O's, and a one instead of an L. With different fonts it can be impossible to see the difference, so do note that. Are they using hidden URLs using HTML a tags? You can hover over the link, and we can see there in the bottom left, this is revealing the correct URL, but it doesn't always reflect the correct URL; it depends on your email client, your browser, what JavaScript is being used, but that's a good indicator of what the real URL is. And also here, hovering over, you can see what the real URL is.

[00:05:31] You can try right-clicking, copying the link and pasting it into Notepad or another text editor. This may reveal the correct link, but not always, again because of JavaScript and depending on the client that you are using. You may also find that this is an image, but again, if you hover over it, it might show you the real URL, but if you don't trust it, don't click on it. You might see unsubscribe links like this one, usually at the bottom of emails. These can be used as attack URLs as well. Don't click on the unsubscribe links. You can copy and paste the link here to see if it's on a known bad URLs list, but if it's very new, it won't be on here, so you can't rely on this 100%. In fact, just use this as an indicator, as there are tens of thousands of phishing URLs at any one time. Now, if we look here, it's going to tell us, based on the various services, whether it's been reported as a bad URL, and as we can see, the BBC is safe for now.

[00:06:46] This has already been discussed, but in reference to these particular attacks, a valid defense is minimizing your personal information disclosure. I've stated this in many parts of the course. You need to limit the amount of information you give out. Simply by doing this, you reduce your risk. You are less likely to be a target of these social attacks and naturally remain more private. We've just covered minimizing your registration and alternatives to providing information on registration. This, again, makes you more secure and less likely to be a target of these attacks. If they don't know you exist, if your email, your phone numbers, your messenger IDs aren't available, they can't know it in order to send attacks to you. Especially, do not post your email address, your phone number, your messenger IDs online, like, say, in forums, on your blog, and those sorts of things, because they will be picked up by automated scanners, and then you'll become an automatic target of phishing attacks, scams, cons, spam, and whatever else the latest social attack is.
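The manual link checks the narration walks through (the real domain is the label left of the top-level domain, what the video calls the "high level domain", with no slash before it; brand names hidden in subdomains or subdirectories; digit-for-letter and IDN lookalikes; link text that names a different site than the href) can be scripted as a defensive triage helper. The Python below is an added example and is not code from the video or its course. Its suffix list (`KNOWN_SUFFIXES`), brand list (`PROTECTED_BRANDS`) and sample URLs are constructed stand-ins; a real tool would use the public suffix list. As the video says of reputation lookups, treat the output as an indicator, not a verdict.

```python
"""Heuristic phishing-URL inspector (added example, not from the video)."""
from urllib.parse import urlsplit
import unicodedata

# Assumption: a tiny stand-in for the public suffix list, enough for the demo.
KNOWN_SUFFIXES = {"com", "net", "org", "co.uk", "org.uk"}

# Brands whose lookalikes we want to catch; constructed for this example.
PROTECTED_BRANDS = {"bbc", "paypal", "google"}

# Digit-for-letter swaps used to fake a domain (0 for o, 1 for l, and so on).
LOOKALIKE_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def registrable_domain(url: str) -> str:
    """Return the real domain: the label directly left of the top-level domain.

    Everything after the first slash (path, query) is ignored, which is why a
    brand name sitting in a subdirectory never counts as the real domain.
    """
    host = urlsplit(url if "://" in url else "http://" + url).hostname or ""
    labels = host.lower().rstrip(".").split(".")
    # Try the longer suffix first so that co.uk wins over uk.
    for n in (2, 1):
        if len(labels) > n and ".".join(labels[-n:]) in KNOWN_SUFFIXES:
            return ".".join(labels[-n - 1:])
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def inspect_url(url: str) -> list:
    """Return a list of warning strings; an empty list means nothing was flagged."""
    warnings = []
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    real = registrable_domain(url)
    real_label = real.split(".")[0]
    # Everything in the host left of the real domain is subdomain territory.
    subdomain_part = host[: -len(real)].rstrip(".") if host.endswith(real) else host

    for brand in PROTECTED_BRANDS:
        if brand == real_label:
            continue  # the brand really is the registered domain
        # 1. Brand name present only as a subdomain or in the path.
        if brand in subdomain_part:
            warnings.append(f"brand '{brand}' is only a subdomain; real domain is {real}")
        if brand in parts.path.lower():
            warnings.append(f"brand '{brand}' appears in the path; real domain is {real}")
        # 2. Digit-for-letter lookalike of the brand (g00gle, paypa1, ...).
        if real_label.translate(LOOKALIKE_MAP) == brand:
            warnings.append(f"real domain '{real_label}' is a digit lookalike of '{brand}'")

    # 3. IDN homograph: a punycode label or any non-ASCII character in the host.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("host contains a punycode (xn--) label")
    if any(ord(ch) > 127 for ch in host):
        names = sorted({unicodedata.name(ch, "?") for ch in host if ord(ch) > 127})
        warnings.append(f"host contains non-ASCII characters: {names}")
    return warnings


def link_text_mismatch(visible_text: str, href: str) -> bool:
    """True when the visible text of an <a> tag names a different real domain than its href."""
    text = visible_text.strip()
    if "." not in text:  # words like 'click here' make no claim about a domain
        return False
    return registrable_domain(text) != registrable_domain(href)


if __name__ == "__main__":
    # Constructed samples mirroring the tricks discussed in the video.
    for sample in [
        "https://www.bbc.co.uk/news",
        "http://bbc.co.uk.login-verify.com/",
        "http://example.com/bbc/login",
        "http://g00gle.com",
        "http://xn--bb-fda.com/",
    ]:
        print(sample, "->", inspect_url(sample) or "no flags")
    print("text/href mismatch:",
          link_text_mismatch("https://www.bbc.co.uk/account",
                             "http://bbc.co.uk.login-verify.com/"))
```

Hovering, or pasting a copied link into a text editor, gives you the href to feed into `inspect_url`; `link_text_mismatch` covers the "hidden URL in an a tag" case where the displayed text and the actual href disagree.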