Bug Bounty Tips #4, Covid-19 phishing, and more

March 16, 2020 By Craig Hays

Craig’s Newsletter – March 16, 2020 Edition


Hi All!

Here’s a little update on what I’ve been doing since we last spoke.

What I’ve Been Writing

Since the last update I’ve published my 4th in a series of bug bounty hunting tips:
Bug Bounty Hunting Tips #4 — Develop a Process and Follow It. You can read it for free on craighays.com or if you’re a medium.com member you can support me by reading it there.

What I’ve Been Seeing

The whole world has gone Coronavirus mad. Toilet paper is the new currency and cybercriminals have the answer to your prayers.

Phishing attacks are always happening. Today, criminals are cashing in on the Covid-19 fear, promising an easy cure, one attachment or set of login credentials at a time. Emails look like they’re coming from the World Health Organisation, Center for Disease Control, or other genuine medical organisations, but of course, they’re not.

While there’s no meat-space anti-virus for coronavirus yet, the best way to battle the spam is to simply quarantine anything that mentions any of the phrases:

  • Corona
  • Coronavirus
  • Covid-19
  • SARS-CoV-2
  • CDC
  • Center for Disease Control
  • WHO
  • World Health Organisation

On second thoughts, that rules out this email instantly, but better safe than sorry!
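
As an added example (not code from this newsletter), here is one way to apply the phrase list to a parsed message, checking the sender, subject and decoded text parts. The case-sensitive handling of the acronyms, the function names and the sample messages are assumptions made for the illustration.

```python
import base64
import re
from email import message_from_string, policy

# Phrases from the list above. Matching the acronyms case-sensitively is an
# assumption of this example, so that the ordinary word "who" is not a hit.
PHRASES = ["Corona", "Coronavirus", "Covid-19", "SARS-CoV-2",
           "Center for Disease Control", "World Health Organisation"]
ACRONYMS = ["CDC", "WHO"]

def _pattern(terms, flags=0):
    # (?<!\w) and (?!\w) keep a term from matching inside a longer word.
    body = "|".join(re.escape(t) for t in terms)
    return re.compile(r"(?<!\w)(?:%s)(?!\w)" % body, flags)

PHRASE_RE = _pattern(PHRASES, re.IGNORECASE)
ACRONYM_RE = _pattern(ACRONYMS)

def matched_phrases(raw_message: str) -> list:
    """Return the listed phrases found in the sender, subject or text parts."""
    msg = message_from_string(raw_message, policy=policy.default)
    texts = [str(msg["From"] or ""), str(msg["Subject"] or "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            texts.append(part.get_content())  # decodes base64 / quoted-printable
    blob = "\n".join(texts)
    hits = {m.group(0).lower() for m in PHRASE_RE.finditer(blob)}
    hits |= {m.group(0) for m in ACRONYM_RE.finditer(blob)}
    return sorted(hits)

def should_quarantine(raw_message: str) -> bool:
    return bool(matched_phrases(raw_message))

# Constructed sample messages (not real mail).
LURE = ("From: World Health Organisation <alerts@example.test>\n"
        "Subject: Covid-19 safety measures\n\nOpen the attachment for the cure.\n")
BENIGN = ("From: Alice <alice@example.test>\n"
          "Subject: Lunch\n\nDo you know who booked the room?\n")
ENCODED = ("From: Updates <news@example.test>\nSubject: Notice\n"
           "Content-Type: text/plain; charset=utf-8\n"
           "Content-Transfer-Encoding: base64\n\n"
           + base64.b64encode(b"Advice from the CDC on Coronavirus").decode() + "\n")

if __name__ == "__main__":
    for name, raw in [("LURE", LURE), ("BENIGN", BENIGN), ("ENCODED", ENCODED)]:
        print(name, should_quarantine(raw), matched_phrases(raw))
```

The base64 sample is there because a filter that searches the raw message text would miss an encoded body; parsing the message first avoids that.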

What I’ve Been Doing

I’ve been digging into user behaviour analysis to determine which people do what things, and when they do them. If you have a large number of email users, chances are some of them send and receive a lot of emails, and others will make you question if they’re actually still employed.

With working patterns changing drastically thanks to The World’s Largest Ever ‘Working from Home’ Experiment, trusted IPs, devices, and usage patterns have just gone completely out the window. Once I’ve finished I’ll write an article on what I did, what I found, and what I did about it, but that’s all still a work in progress. Have a think about how this change in behaviour will affect your employees, your organisation, and how you protect them both.

What I’m Doing Next

The Avengers of the medical world are recommending self-isolation or ‘social-distancing’ as a method of keeping the spread of Covid-19 at a manageable rate. Self-isolation is something I consider myself an expert at so I’m really excited about this opportunity.

In response, I’ve had my piano tuned, bought parts to fix that 10-years-broken guitar in my office, and taken up bug bounty hunting again. Since I can’t go anywhere, it’s a great opportunity to spend time with my family and learn some new stuff. I have Bug Bounty Hunting Tips #5 in progress which I’ll post as soon as I can. If there’s anything else you’d like me to talk more about just let me know.

Stay safe, and please remember what’s important in life,
Craig
