NACSS Futminna

NACSS Futminna Official page of National Association Of Cyber Security Science Students (NACSSS FUTMinna)

12/10/2022


09/10/2022

You’ve heard the phrases “give and take”, “tit for tat”, “you scratch my back, and I'll scratch yours”, and “one hand washes the other”. All these phrases mean “quid pro quo”, which also means the exchange of goods or services in which a transfer is dependent on another; “a favor for a favor” (“Definition of QUID PRO QUO,” n.d.). That is the literal meaning of quid pro quo. When it comes to cyber security, the meaning changes a little. So, what is quid pro quo?

Quid Pro Quo is a form of social engineering attack that needs only a little technical knowledge and excellent manipulation abilities. This means almost anyone can craft this type of attack.

Even though the entire process of carrying out a Quid Pro Quo attack might be time-consuming, inexperienced or non-technical hackers frequently use this attack vector. All they have to do is call targets who aren't expecting them while posing as technical experts.

The scariest thing about a quid pro quo social engineering attack is that, most times, it’s not the final component of an attack; it's frequently a gateway that attackers utilize to get additional exploitative tactics into the business or victim.

You should take security precautions, just like with other forms of social engineering, to protect yourself and your sensitive information.

Adopt a cautious attitude: nothing is ever free. And if it’s too good to be true, then it probably is.

Never share accounts or personal information unless you started the conversation. Change your password after a potential intervention where you may have provided your login information to stop further use.

Cyber threats and cybersecurity must be understood by every member of your staff.

Every time a website or program provides two-factor authentication (2FA), enable it.

07/10/2022

The world is now a little village where we can all meet, have fun, and all that online. As good as all this may sound, there are people out there using social media to befriend others, pretend that they are in a romantic relationship with them, defraud them of their money and disappear. That is a practical honeytrap.

Honeytrap is an investigative practice that uses romantic or intimate relationships for an interpersonal, political, or monetary purpose to obtain sensitive information.

Honeytrap is more dangerous than it sounds. It has been used, and is still used, for espionage (the practice of spying or of using spies, typically by governments to obtain political and military information). Social engineering is based on human emotions, and emotions are a fundamental attribute of every human being; that’s why social engineering works like magic. Honeytrap is a type of social engineering that feeds on the fact that as humans we want love. Of course, love is a good thing, but for an attacker it is just another tool that he/she can leverage, a vulnerability to exploit.

The attackers usually create some female accounts on social media platforms, befriend their target, gain their trust, convince them that they are in love, then finally exploit the relationship by asking the target to spill some secrets or by extorting money from them. Today honeytrap has moved beyond creating a female account online. Attackers know that older women are trying to find love using these social media platforms, and they use this knowledge to their advantage: they create a male account, befriend those women, convince them that they are in love, then exploit the trust for financial gain.

The Rajasthan Police detained an Indian Army jawan from a tank unit in Jaisalmer in January 2019. He allegedly shared vital military secrets with Pakistan-based ISI operators on social media after being honey-trapped by them.

Self-discipline is key to counter honeytraps.

06/10/2022

WHALING
Speak of the attack for the big boys!
Whaling is simply the hunting of whales for blubber (which can be used to produce a specific type of oil that was very important in the industrial revolution). This sounds like some historical activity that has nothing to do with cyber security, but here is the thing, it does!
In Cyber Security, what is whaling?

Whaling is a highly targeted phishing attack that essentially acts as a legitimate email and targets senior executives. Whaling is a type of digitally enabled social engineering fraud that encourages victims to perform a secondary action, such as orchestrating a wire movement of money.

Like other social engineering attacks, whaling emails usually give their target a sense of urgency. But unlike other social engineering attacks, whaling deals with a specific target. This means the attackers usually gather as much information as possible on the target executives and the organization they are working with.

Although attackers can be crafty while creating whaling emails, they usually change the spelling of the domain name they are spoofing. Checking to make sure the spelling is correct can help detect whaling attacks.

We hereby strongly advise Nigerian organizations to invest in security awareness training for their top management to help them recognize security threats. Senior management, critical employees, and the finance teams should all receive this training. Employees should be instructed not to open unsolicited attachments, to confirm requests via a different channel or in person, and to check the sender's domain name. Additionally, regularly test employees by staging mock whaling attacks (as well as other social engineering attacks).

Pay attention to all Cyber Security recommended practices, stay alert, subdue your curiosity, and stay away from Cyber Crimes.

05/10/2022

SCAREWARE
Let's start with an instance: you are surfing the internet and, all of a sudden, a pop-up covers your screen and tells you your system has been scanned and several malware detected. This pop-up also tells you to download a piece of software ASAP and attaches the link to do that. It makes you believe your system is in a critical situation and could crash the next second if you don't install that software.

Scarewares would arguably get all typical Nigerian parents 😂 but we hope you take this education to them

Scareware is a type of malicious software that contains ransomware, rogue security programs, and other scam applications that fool users into thinking their computer has a virus before urging them to download and pay for false antivirus software to clean it up. Usually, the virus is fictional and the software is non-functional or malware itself.

Scarewares are sometimes not easy to close (as you would a normal pop-up) because they're designed to make you believe the notification is from the Operating System itself; they could alter the user's desktop background, add icons to the notification area of the computer (under Microsoft Windows), etc.

PS: The phrase "winwebsec" is typically used to refer to malware that targets Windows users and makes false claims that are similar to those made by real anti-virus programs.

Reputable antivirus manufacturers don't use fear to collect data.

When you suspect a scareware attack, we recommend that you:
- Disconnect the impacted device from any networks and turn off WiFi and internet access.
- Perform a thorough security check with a reliable antivirus software vendor to search for malicious files and recognized dangers like Trojans, viruses, and spyware.
- For further instructions if you are using a company-owned device, get in touch with your IT department right away.

Pay attention to all Cyber Security recommended practices, stay alert, subdue your curiosity, and stay away from Cyber Crimes.

04/10/2022

BAITING

Aside from being offered some penny as bribe to vote in the wrong set of people into power, Nigerians face other different forms of Bait Attack in the country. In Cyber Security, What is Baiting?

Baiting is a social engineering technique in which a target is persuaded by a false promise that appeals to their curiosity or avarice. A quick common example is when an attacker leaves a USB stick with a harmful payload in a lobby or parking lot in hopes that someone will put it into a device out of curiosity, at which time the malware it contains can be deployed.

However, it has evolved from leaving USB sticks to many dangerous activities that catch people unaware. It is common in the Twitter NG space to see posts from some website promising to give you an international job that pays hundreds of dollars. The job description might be just to click links, read web posts, and do other tasks that are not worth that pay.
Technology has made working from home very easy, and it is also possible to earn hundreds of dollars working online (this has been growing rapidly in Nigeria in the last few years). This has made baiting more dangerous, as it might be difficult to detect. Well, if it's too good to be true, it probably is.

This is one of the reasons it's very important to have a strong antivirus program installed on all your devices.
We advise you don't use external devices until you've scanned them and they're safe.
Be vigilant and cautious when receiving communications that demand immediate action. You could ask who they are first, and try to get to know them or use other forms to break the urgency in the conversation.

Baiting is a severe problem that harms people and organizations, just like other social engineering tactics. An effective baiting attack can ruin a company's reputation, result in financial losses, or both.

Pay attention to all Cyber Security recommended practices, stay alert, subdue your curiosity, and stay away from Cyber Crimes.

03/10/2022

The term "Phishing" refers to a fraud in which criminals try to obtain sensitive information from financial or personal accounts by sending false electronic messages to unwary recipients in order to deceive them into revealing personal data.

In Nigeria, phishing is a proven form of social engineering that hackers have successfully used to gain personal information from unsuspecting victims. Aside from emptying their victims' bank accounts, these attackers use the information they've gotten to forge a copy of their victims' identity, impersonating them and going on to affect their victims' friends and family at large 💔

Victims of phishing attacks usually lose more than just money or privacy. Many of them become victims of Cyber Bullying, BlackMail, Harassment, and they equally lose friendships and trust when these attackers use their identity to perform all sorts of crimes, which can also land them in jail. 😥

Therefore, we strongly recommend that you avoid clicking links in e-mails. We say, "let your first instinct be to ignore that link, then you can think about it". By that we mean: open the email in a web browser, take note of whether the link starts with "https", read the URL very carefully and compare it with the original source that you trust. Any slight difference is a RED FLAG 🚩
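The comparison described above, together with the sender-domain spelling check from the whaling post, as a short Python sketch. This is an added example, not part of the original posts; the trusted domains and the sample inputs in the comments are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: the domains this reader really deals with (constructed values).
TRUSTED = ("mybank.example", "payroll.example")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def host_and_scheme(value):
    """Accept a URL or an e-mail sender address; return (host, scheme or None)."""
    if "://" in value:
        parts = urlsplit(value)
        return (parts.hostname or "").lower().rstrip("."), parts.scheme.lower()
    return value.rsplit("@", 1)[-1].strip("<> ").lower().rstrip("."), None

def red_flags(value, trusted=TRUSTED):
    """Return the reasons to distrust value; an empty list means none were found."""
    host, scheme = host_and_scheme(value)
    flags = []
    if scheme is not None and scheme != "https":
        flags.append("not https")
    if any(host == t or host.endswith("." + t) for t in trusted):
        return flags                      # the real domain or one of its subdomains
    found = len(flags)
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        flags.append("punycode label (possible look-alike characters)")
    for t in trusted:
        n = t.count(".") + 1
        tail = ".".join(labels[-n:])      # as many labels as the trusted name has
        if 0 < edit_distance(tail, t) <= 2:
            flags.append(f"spelling close to {t}")
        elif host.startswith(t + ".") or ("." + t + ".") in host:
            flags.append(f"{t} used as a prefix of another domain")
    if len(flags) == found:
        flags.append("domain not on the trusted list")
    return flags

# Constructed samples:
#   red_flags("CEO <ceo@rnybank.example>")
#   red_flags("https://mybank.example.account-verify.test/login")
```

A link can start with "https" and still come back with a flag here, which is why the spelling comparison matters as much as the scheme check.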

We also recommend that you install Phishing add-ons. Nowadays, the majority of browsers allow you to download add-ons that detect the telltale characteristics of a fraudulent website or warn you about well-known phishing websites. There is no reason not to have this installed on every device in your company since they are typically entirely free.

No matter what, don't submit your info to a site that doesn't start with "HTTPS".

Aside from many other helpful countermeasures, we advise you to install a firewall, regularly change your passwords, regularly update your software for security patches, generally ignore pop-ups, and have a strong Security Policy.

02/10/2022

All over the world, we see hackers as people with hilarious masks, 👻 sitting for hours behind a large dark-green-themed screen, 👨🏾‍💻 and using the fastest typing speed known to man in the history of the world, to break into systems. 😥

As Naija Students, all we can say is "LMAO, you don't know about it". 🌚

Because we're focused on Eradicating Cyber Crimes from Nigeria, we will discuss Social Engineering today with instances from Nigeria but this is helpful for all races. 🤝🏾

Social Engineering has proven that a hacker doesn't need those unreal things to break into your system and steal or destroy your valuables. All they need is YOU. Just, Y.O.U. *~laughs hysterically~* 🎭

LOL, but it's the truth. Social Engineering is when a malicious person tries to gain access to your property through you. In Nigeria, these attackers can go to so many viewing centres, to view matches, and make new friends, and exchange contacts, then they begin to invest in each of these new relationships, with hope to have one "glorious moment" of knowing your secrets, which can give them what they want, and then they JAPA.

Aside from these attackers being Barcelona fans when they're with Messi and Real Madrid fans when they're with Ronaldo, there are many forms of Social Engineering going on in Nigeria and beyond.

We hope to open your eyes to as many of these attacks as we can, recommending trusted ways to stay safe from such attackers. Please, follow us and engage on this post and wait for our updates from tomorrow.

For now, all we can say is "open your eyes wide, not all things in the water are Fishes". Well, depends on if you consider a Shark to be a Fish, haha 🤭😂😉

02/10/2022

Stay Safe, avoid http if it is not HTTPS 🧏🏾‍♂️

Nne, the padlock and the ‘s’ you see in your browser’s search bar are not just there to sit pretty (smirk emoji). Those are signs that you are in a safe and secure site (caution emoji).

Be wary of a site URL (links) that goes http://www…… Those are deep, dangerous waters Emeka(water emoji). A third party can always access any information you provide on such sites.

Don’t ignore these signs!!!

01/10/2022

Independence is a symbol of Sovereignty, over your life, decisions and resources. And today, Nigerians all over the world are celebrating their Independence from Great Britain 62 years ago on October 1, 1960.

We join all Nigerians to celebrate this great event, and wish them an eternal independence as well. 🎉🎉

However, it comes with many responsibilities. Nigeria as a Nation has been responsible for the direction it has taken in the past 62 years and many Nigerians have grown bitter at the government over the years. This is because they think the government have not done what they were supposed to do, including maximizing the nation's natural resources and other important right decisions. ⚱️

Nevertheless, it is also not a secret that Nigerians themselves have played a big part in the presumed downfall of the Nation. In the same way, they have refused to take some important right decisions in their own personal lives, which has in turn affected the nation at large. We will give instances.

Nigerians are arguably the top users of Social Media, on the known platforms and even some unpopular social media platforms as well.

Yet, an average Nigerian uses his phone number as his password. Most Nigerians use the same Password for ALL their Social Media Accounts and this has INEVITABLY led to hackers stealing their identity, using their identity to perform all sorts of Crimes and destroying people's lives and properties. 🤦🏾‍♂️

Hitherto, most Nigerians have refused to use 2FA on their accounts, strong passwords (which include small letters, capital letters, numbers and symbols, at least 8 characters) and many other Cyber Security recommended measures.

October is the Cyber Security Awareness Month globally.

Therefore, we, the National Association of Cyber Security Science Students, FUTMINNA, have taken it upon ourselves to tackle these Cyber Threats. Follow our Pages on all platforms and be a part of the Campaign that starts fully tomorrow. 📌

21/04/2020

*🛡 📡🔐NATIONAL ASSOCIATION OF CYBER SECURITY SCIENCE STUDENTS (NACSSS)🛡 📡🔐*

*CYBER GIVEAWAY🤪💃🏼*

In cooperation with *Trend Micro* as a strategic partner, *CyberTalents* is organizing another round of this course in Nigeria to provide participants with the needed knowledge and background that enables them to engage in *capture the flag hacking contests*. You only need to have basic knowledge in Network, Programming, and Operating Systems.
➖➖➖➖➖➖➖➖➖➖
*Training Modules:*

- CTF Basics
- Web Security Challenges
- Malware Analysis Challenges
- Digital Forensics Challenges
- Crypto Challenges

Spread the word and invite your friends so you can all get the benefit. The more friends who mention your username in the registration form, the higher the opportunity to confirm your seat:

*Register Now: https://buff.ly/2V55BJa*

➖➖➖➖➖➖➖➖➖➖

*Course Duration⏰:* 6 Live Online Sessions (4 Hrs/Session)
*Deadline for Registration⏱️ :* 25th of April 2020
*Course starts on🗓️:* 2nd - 7th May 6pm -10pm daily.

*NOTE‼️:* you must have registered on the Cyber Talents platform; to do so, click on the link below:
https://cybertalents.com/register/member

Thanks

AYODELE, Ernest Oluwatobi
Cyber Talent Ambassador

*Please rebroadcast*

Address

Minna

Telephone

+2348035692006
