#291 not yet fixed - Need to address and fix issues mentioned by pipe #300
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…s and allow others to view my current work and comment if necessary Work in progress to fix r-Techsupport#291 TODO sections are marked for proper fix later. This PR is just to allow others to see my progress and make comments.
Updated tech-scams as well, almost done
|
Potential remove images in email scams as they might be too obfuscated to be properly utilized |
Added session hijack as a supplement to tech-scams. Removed email_scam examples as they are too obfuscated. Updated tech-scams, just one final section left.
|
Add "Terminating sessions" in session hijack.md, include the following services for now:
|
All docs completed, addressed r-Techsupport#291 and ready for merge!
Mr-KayZ
changed the title
|
Feel free to review and edit accordingly, or make comments, scams page complete! |
K97i
suggested changes
Jul 26, 2024
|
|
||
| Hacked email accounts can serve as effective Trojan horses, a term used to describe deceptive malware attacks and email scams. Here's an example: | ||
|
|
||
| - A man received an email from a friend who is a software engineer. The email contained a suspicious link, which turned out to be a virus. The man confirmed with his friend that his email account had been hacked. (See my personal example in [the "Example of a compromized account scam" section](/docs/safety-security/tech-scams.md) where I had fallen for one such scam message. While not email per say, the methodology works the same way.) |
There was a problem hiding this comment.
Suggested change
| - A man received an email from a friend who is a software engineer. The email contained a suspicious link, which turned out to be a virus. The man confirmed with his friend that his email account had been hacked. (See my personal example in [the "Example of a compromized account scam" section](/docs/safety-security/tech-scams.md) where I had fallen for one such scam message. While not email per say, the methodology works the same way.) | |
| - A man received an email from a friend who is a software engineer. The email contained a suspicious link, which turned out to be a virus. The man confirmed with his friend that his email account had been hacked. (See my personal example in [the "Example of a compromised account scam" section](/docs/safety-security/tech-scams.md) where I had fallen for one such scam message. While not email per say, the methodology works the same way.) |
| The scammer claims a family member is in trouble and asks for money. If unsure, contact your family member through another method. | ||
|
|
||
| ### Heartstring Scams | ||
| These scams prey on your compassion, asking you to send money to help victims of various causes. Check CharityWatch to verify unfamiliar charities. |
There was a problem hiding this comment.
Suggested change
| These scams prey on your compassion, asking you to send money to help victims of various causes. Check CharityWatch to verify unfamiliar charities. | |
| These scams prey on your compassion, asking you to send money to help victims of various causes. Check [CharityWatch](https://www.charitywatch.org/) to verify unfamiliar charities. |
|
|
||
| {% include toc.md %} | ||
|
|
||
| Session hijacking is a cyber attack where an attacker intercepts and controls a user's session with a web application. This can occur during various online activities, such as checking credit card balances or shopping. The attacker can then perform any action that the legitimate user could, leading to potential consequences like accessing sensitive information, stealing money, or committing identity theft. |
There was a problem hiding this comment.
Suggested change
| Session hijacking is a cyber attack where an attacker intercepts and controls a user's session with a web application. This can occur during various online activities, such as checking credit card balances or shopping. The attacker can then perform any action that the legitimate user could, leading to potential consequences like accessing sensitive information, stealing money, or committing identity theft. | |
| Session hijacking is a cyberattack where an attacker intercepts and controls a user's session with a web application. This can occur during various online activities, such as checking credit card balances or shopping. The attacker can then perform any action that the legitimate user could, leading to potential consequences, like accessing sensitive information, stealing money, or committing identity theft. |
|
|
||
| ## Passive Session Hijacking | ||
|
|
||
| Passive session hijacking occurs when an attacker eavesdrops on network traffic to steal the target’s session ID. This type of attack is easier to execute because all an attacker needs is access to network traffic, which can be easily accomplished if they are on the same network as the target. This is why it is recommended to be extra careful especially when utilizing public wifi for places, such as coffee shops and airports. |
There was a problem hiding this comment.
Suggested change
| Passive session hijacking occurs when an attacker eavesdrops on network traffic to steal the target’s session ID. This type of attack is easier to execute because all an attacker needs is access to network traffic, which can be easily accomplished if they are on the same network as the target. This is why it is recommended to be extra careful especially when utilizing public wifi for places, such as coffee shops and airports. | |
| Passive session hijacking occurs when an attacker eavesdrops on network traffic to steal the target’s session ID. This type of attack is easier to execute because all an attacker needs is access to network traffic, which can be easily accomplished if they are on the same network as the target. This is why it is recommended to be extra careful especially when utilizing public Wi-Fi for places, such as coffee shops and airports. |
|
|
||
| Cookies serve several purposes. They help inform websites about the user, enabling the websites to personalize the user experience. For example, e-commerce websites use cookies to remember what merchandise users have placed in their shopping carts. Some cookies are necessary for security purposes, such as authentication cookies. | ||
|
|
||
| However, cookies can also pose security and privacy concerns. Some viruses and malware may be disguised as cookies. These malicious elements can be used to facilitate session hijacking, a type of cyber attack where an attacker intercepts and takes control of a user’s session with a web application. This can be done actively, where the attacker takes control of the target’s session while it’s active, or passively, where the attacker eavesdrops on network traffic to steal the target’s session ID (Or session token). |
There was a problem hiding this comment.
Suggested change
| However, cookies can also pose security and privacy concerns. Some viruses and malware may be disguised as cookies. These malicious elements can be used to facilitate session hijacking, a type of cyber attack where an attacker intercepts and takes control of a user’s session with a web application. This can be done actively, where the attacker takes control of the target’s session while it’s active, or passively, where the attacker eavesdrops on network traffic to steal the target’s session ID (Or session token). | |
| However, cookies can also pose security and privacy concerns. Some viruses and malware may be disguised as cookies. These malicious elements can be used to facilitate session hijacking, a type of cyberattack where an attacker intercepts and takes control of a user’s session with a web application. This can be done actively, where the attacker takes control of the target’s session while it’s active, or passively, where the attacker eavesdrops on network traffic to steal the target’s session ID (Or session token). |
| ### Example of a compromized account scam | ||
| <details markdown="1"> | ||
| <summary markdown=span> | ||
| _An example of one of these compromized account scams can be found by clicking here._ |
There was a problem hiding this comment.
Suggested change
| _An example of one of these compromized account scams can be found by clicking here._ | |
| _An example of one of these compromised account scams can be found by clicking here._ |
| When you receive a link, especially in an unsolicited message, it’s important not to click on it impulsively. Instead, take a moment to inquire about its content and purpose. This precaution can help you avoid landing on a fraudulent page designed to mimic a legitimate website. If you have any doubts about the authenticity of a site, take the time to cross-verify the link with the official site. This step can help confirm the legitimacy of the site and protect you from potential phishing attempts. | ||
|
|
||
| ### Updating Browser and Antivirus Software | ||
| Keeping your operating system and web browser updated is a key aspect of maintaining system security. Software updates often include patches for known vulnerabilities, which can significantly reduce the risk of a successful cyber attack. An updated system is less susceptible to malicious code execution, providing a safer environment for your online activities. |
There was a problem hiding this comment.
Suggested change
| Keeping your operating system and web browser updated is a key aspect of maintaining system security. Software updates often include patches for known vulnerabilities, which can significantly reduce the risk of a successful cyber attack. An updated system is less susceptible to malicious code execution, providing a safer environment for your online activities. | |
| Keeping your operating system and web browser updated is a key aspect of maintaining system security. Software updates often include patches for known vulnerabilities, which can significantly reduce the risk of a successful cyberattack. An updated system is less susceptible to malicious code execution, providing a safer environment for your online activities. |
|
|
||
| ### Implementing Multi-Factor Authentication (MFA) and utilizing password managers | ||
| Multi-Factor Authentication (MFA) is a highly recommended security measure that adds an extra layer of protection to your online accounts. By requiring verification from another device during sign-in, MFA significantly increases the difficulty for unauthorized users to gain access to your accounts. More details of MFA can be found in our [Multi-Factor Authentication wiki article](/docs/safety-security/mfa). Popular apps of MFA include, but are not limited to: | ||
| - [Steamguard](https://help.steampowered.com/en/faqs/view/06B0-26E6-2CF8-254C) (For Steam only) |
There was a problem hiding this comment.
Suggested change
| - [Steamguard](https://help.steampowered.com/en/faqs/view/06B0-26E6-2CF8-254C) (For Steam only) | |
| - [Steam Guard](https://help.steampowered.com/en/faqs/view/06B0-26E6-2CF8-254C) (For Steam only) |
|
|
||
| Setting up 2FA or MFA is an excellent safety precaution to prevent attackers from logging in to the account. You can review setup of MFA and others [above in the "Implementing Multi-Factor Authentication (MFA) and utilizing password managers" section.](/docs/safety-security/tech-scams#implementing-multi-factor-authentication-mfa-and-utilizing-password-managers) | ||
|
|
||
| Using [password managers](/docs/safety-security/pw-managers) is also another extra safety precaution we highly recommend to ensure you use different passwords on different accounts. Using the same password for multiple accounts is bad practice and can lead the attackers to access other accounts on other services. |
There was a problem hiding this comment.
Suggested change
| Using [password managers](/docs/safety-security/pw-managers) is also another extra safety precaution we highly recommend to ensure you use different passwords on different accounts. Using the same password for multiple accounts is bad practice and can lead the attackers to access other accounts on other services. | |
| Using [password managers](/docs/safety-security/pw-managers) is also another extra safety precaution we highly recommend ensuring you use different passwords on different accounts. Using the same password for multiple accounts is bad practice and can lead the attackers to access other accounts on other services. |
|
|
||
| ### 1. Terminate sessions on the accounts and resetting passwords | ||
|
|
||
| The first step is to reset password and terminate sessions from said accounts. Steps to do so, including how to terminate sessions from common services and applications can be found [here](/docs/safety-security/session-hijack#terminating-sessions-from-services). |
There was a problem hiding this comment.
Suggested change
| The first step is to reset password and terminate sessions from said accounts. Steps to do so, including how to terminate sessions from common services and applications can be found [here](/docs/safety-security/session-hijack#terminating-sessions-from-services). | |
| The first step is to reset passwords and terminate sessions from said accounts. You can learn how to do so, including how to terminate sessions from common services and applications can be found, [here](/docs/safety-security/session-hijack#terminating-sessions-from-services). |
Mr-KayZ
changed the title
|
Refer to this message here to see how to fix it later: https://discord.com/channels/749314018837135390/1071069467955703888/1266453384769179731 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Work in progress to fix #291
TODO sections are marked for proper fix later. This PR is just to allow others to see my progress and make comments.