
Your Clicks Can Be an Attacker’s Tricks – Cyber Security Specialist Gautam Mayekar’s Insights

“Trust, trust is the most vulnerable trait a human can have” – Imsohacked.

There is a reason why Gautam used this line in his first book of the Hacker series, and he continues to stress it as he writes more fictional stories set in the hacker world.

Working in the cyber security domain, he has been exposed to a variety of real-world hacking scenarios, and the most exploitable and damaging ones have been those that involve the user. Also an ethical hacker, Gautam shares some insightful tips for everyone on how to stay safe in this virtual world.

It’s not just a click

What happens when you click on any URL or button on the internet? A chain reaction. It sets off multiple requests and responses behind the scenes to reach the resource, which sits somewhere on a server, and present it to you. The server is most often under the control of the provider of those resources. But it is the front end that can potentially change. Now, what if an attacker manages to present you with a crafted user interface?

And that is exactly what attackers do to exploit your click and your trust, and then potentially steal your secrets and/or carry out malicious actions you never intended.

Common web attacks

There are many web application vulnerabilities that attackers leverage depending on the system they are targeting. But the major ones relevant to our current topic are: (1) Clickjacking, (2) Cross-site Request Forgery and (3) Phishing.

Clickjacking is the malicious practice of manipulating a website user’s activity by concealing hyperlinks beneath legitimate clickable content, thereby causing the user to perform actions of which they are unaware. Even the mighty Facebook suffered from this issue. You can read more about it here: An Example Of Likejacking (Facebook Clickjacking) | Zscaler

Cross-site Request Forgery is a type of malicious exploit of a website in which unauthorized commands are submitted from a user that the web application trusts. An attacker tricks an innocent victim into submitting a web request that they did not intend. This may cause actions to be performed on the website, including inadvertent client or server data leakage, a change of session state, or manipulation of an end user’s account. Many applications and websites have been vulnerable to CSRF attacks in the past, including the giant Netflix. (CSRF - Netflix and Youtube are victims of it | by Beribey | Medium)

Phishing got its name from “phish”, a play on fish: it is common practice to put out bait so that fish get trapped. Similarly, phishing is an unethical way to dupe the user or victim into clicking on harmful sites. The attacker crafts the harmful site in such a way that the victim believes it to be an authentic site, and thus falls prey to it. The most common mode of phishing is spam email that appears to be authentic. As per a 2020 study, phishing is by far the most common attack performed by attackers.

How security professionals are preventing them

Ethical hackers try to find these attacks in their in-house lab environments and inform the respective app owners or developers, with whom they are either contracted or for whom they freelance. There are also many bug bounty websites where you can responsibly disclose any such issues you find.

Some of the key areas to note here:

  1. Simple header checks can prevent such attacks: web applications should include security headers in their requests/responses, e.g. X-Frame-Options: DENY, Referer and so on.
  2. Including a token with web requests adds an extra layer of defence and helps identify legitimate requests, i.e. those that were meant to originate from the victim’s own clicks.
  3. Design reviews can help identify broken access control and counter these click-based exploits. For example, for a change-password feature, an additional dialogue box asking for the old password, or a confirmation such as “Do you really want to change the password?”, adds a second layer of defence.
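The three points above (anti-framing headers against the clickjacking described earlier, a per-session token and an origin check against CSRF, and a second-factor prompt on sensitive actions) fit in a single request handler. The following is an added example written for this article, not code from Gautam or from any product he describes; the site origin `https://example.bank`, the header set beyond X-Frame-Options, the `SERVER_SECRET`, and the `handle_change_password` function and its dict-shaped `request` are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Response headers that stop the page being framed (the article's
# X-Frame-Options: DENY) plus a few companions; the whole set is an assumed
# baseline, not a list taken from the article.
SECURITY_HEADERS = {
    "X-Frame-Options": "DENY",                            # legacy anti-clickjacking header
    "Content-Security-Policy": "frame-ancestors 'none'",  # modern equivalent of the above
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "X-Content-Type-Options": "nosniff",
}

# Assumed origin of our own site; any other origin is treated as cross-site.
ALLOWED_ORIGIN = "https://example.bank"

# Constructed per-process secret that binds CSRF tokens to a session.
SERVER_SECRET = secrets.token_bytes(32)


def apply_security_headers(headers):
    """Return a copy of `headers` with the anti-framing headers added."""
    merged = dict(headers)
    merged.update(SECURITY_HEADERS)
    return merged


def issue_csrf_token(session_id, secret=SERVER_SECRET):
    """Derive the token from the session id under the server secret, so a token
    minted for one session is useless for another and cannot be forged."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id, token, secret=SERVER_SECRET):
    """Constant-time comparison; a missing token verifies as False."""
    expected = issue_csrf_token(session_id, secret)
    return hmac.compare_digest(expected, token or "")


def origin_is_trusted(headers):
    """Accept only requests whose Origin (or, failing that, Referer) is our own
    site. No header at all fails closed: modern browsers send Origin on POSTs,
    so an absent one usually means a non-browser client or a stripped header."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    return source == ALLOWED_ORIGIN or source.startswith(ALLOWED_ORIGIN + "/")


def handle_change_password(request, session_id):
    """Gate a state-changing POST with the three checks from the list above:
    origin/header check, token check, and re-entry of the old password.
    `request` is a plain dict {"headers": {...}, "form": {...}} (assumed shape);
    returns (status_code, response_headers)."""
    headers = apply_security_headers({"Content-Type": "text/html"})
    if not origin_is_trusted(request["headers"]):
        return 403, headers
    if not verify_csrf_token(session_id, request["form"].get("csrf_token")):
        return 403, headers
    if not request["form"].get("old_password"):
        return 400, headers  # the second-layer check from point 3
    # ... the actual password change would happen here ...
    return 200, headers
```

The token is rendered into the change-password form by the server and echoed back in the POST body; a page on another origin can make the victim's browser send the cookie, but it cannot read the token, so the forged request is refused before any state changes. The `Referer` fallback keeps legitimate clients working when a proxy strips `Origin`, while still refusing requests from a different site.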

How can we, as users, stay safe?

Knowing how developers can try to strengthen websites, it ultimately boils down to how a user thinks and clicks. Some points to keep in mind while browsing:

  1. Double-check the URL or website link you are clicking and confirm that it is a legitimate one.
  2. Whenever you receive an email or SMS asking you to click on some link or provide certain information, do a Google check to verify its legitimacy.
  3. Always make sure you do your banking transactions in a different browser from the one you use for general browsing.
  4. Sometimes the URLs are garbled. For example, in a phishing scam, Indigo.com was written as !ndigo.com. Look out for these discrepancies and make sure you are logging into the correct website.
  5. Never reveal any secret token (OTPs, passwords, IDs, etc.) over a phone call or email, unless the request comes from the source that issued it.
  6. Check the email message digest and verify the authenticity of its signatures.
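The garbled-URL trick in point 4 can be checked mechanically before a user ever clicks. The following is an added example written for this article, not code from the author: a small lookalike-hostname detector that maps substitute characters back to the letters they imitate and flags hostnames that then collide with a list of expected sites. The `KNOWN_HOSTS` list (`indigo.com`, `paypal.com`, `example.bank`) is constructed, the `CONFUSABLES` map is an assumed small subset, and `classify_url` is the example's own name.

```python
from urllib.parse import urlsplit

# Constructed list of sites the user expects to log into.
KNOWN_HOSTS = {"indigo.com", "paypal.com", "example.bank"}

# Characters commonly swapped in for the letters they resemble (assumed subset).
CONFUSABLES = str.maketrans(
    {"!": "i", "1": "l", "|": "l", "0": "o", "3": "e", "5": "s", "$": "s"}
)


def normalize_host(host):
    """Undo single-character substitutions plus the two-letter 'rn' / 'vv' tricks."""
    host = host.lower().translate(CONFUSABLES)
    return host.replace("rn", "m").replace("vv", "w")


def _under(host, known):
    """True when `host` is `known` itself or one of its subdomains."""
    return host == known or host.endswith("." + known)


def classify_url(url):
    """Return (verdict, matched_host). Verdicts:
    'known'              - the real site or one of its subdomains
    'lookalike'          - differs only by confusable characters (e.g. !ndigo.com)
    'brand-as-subdomain' - the real name is the leading label of some other domain
    'unknown'            - none of the above
    """
    if "://" not in url:
        url = "https://" + url  # bare hostnames are still parsed as a host
    host = (urlsplit(url).hostname or "").rstrip(".")
    for known in KNOWN_HOSTS:
        if _under(host, known):
            return "known", known
    norm = normalize_host(host)
    for known in KNOWN_HOSTS:
        if _under(norm, known):
            return "lookalike", known
    for known in KNOWN_HOSTS:
        if host.startswith(known + "."):
            return "brand-as-subdomain", known
    return "unknown", host
```

A mail gateway or browser extension would run `classify_url` over every link in a message and treat anything other than `known` as worth a warning; the `brand-as-subdomain` verdict catches the other common shape, where the real name is placed in front of an unrelated registered domain so that a quick glance at the start of the address looks right.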

In addition to working as a Lead Security Engineer at John Deere, Gautam loves weaving stories around India’s cyber secrets. With 2 books released and selling well on all leading platforms, and the third book of the trilogy in the making, he immerses readers in the cyber world by blending technical and complex concepts with engrossing stories.

One thing he always urges everyone to remember: Your click is important, use it wisely.
