Craig Hays

You are here: Home / Archives for Cybersecurity Research

Cybersecurity Research

Why More Than Half of Email Phishing Leaks Happen on Mobile Devices

By Leave a Comment

Reading Time: 5 minutes

Over 60 percent of people who are phished by email are phished on mobile devices. This is why it happens and what you can do about it.

mobile phishing
Photo by Rasheed Kemy on Unsplash

Why Mobile Devices are More Prone to Phishing

I’ve sent a lot of phishing emails. All with good intentions I must add. While reviewing the results, one of the most surprising things that I discovered was that the majority of people who fall for phishing tests (and therefore real phishing attacks) are using mobile devices. In my experience, 60% of those who are successfully deceived are victims of mobile phishing.

These are my conclusions as to why this is true and recommendations on what we can do to help people stay safe online.

[Read more…] about Why More Than Half of Email Phishing Leaks Happen on Mobile Devices

What Happened When I Leaked My Server Password on GitHub.com

By Leave a Comment

Reading Time: 7 minutes

I deployed a honeypot and ‘accidentally’ leaked a valid SSH username and password into a GitHub repository. This is what happened over the next 24 hours.

Github SSH Honeypot
Photo by Arwin Neil Baichoo on Unsplash

Searching for juicy information in GitHub repositories is nothing new. In the past, I’ve written about mining GitHub for sensitive information and contributed to open source projects that help to automate this process. Having used this technique as an ethical hacker, I was curious to see what it looks like when criminals do it for real with malicious intent.

[Read more…] about What Happened When I Leaked My Server Password on GitHub.com

Inside a Real SMS Phishing Attack (Smishing)

By 4 Comments

Reading Time: 8 minutes

SMS based phishing attacks (Smishing) are a real threat that we see every day. To help you spot them in future, this is how they work.

The start of an SMS Phish (Smish)

A Phishing/Smishing Attack In Action

At 17:52 pm today I received a text message from my mobile phone network, ‘EE’. I picked up the message at 18:08. This is what it said:

[Read more…] about Inside a Real SMS Phishing Attack (Smishing)

Craig Hays