
Social Networks & Web Application Security Measures in light of COVID-19

Dr. Neha Bajpai

Centre for Development of Advanced Computing
Anusandhan Bhawan, C-56/1, Institutional Area, Sector- 62, Noida- 201307 (U.P.) India
What is Social Networking?

• A social networking service is an online
platform used to build social networks
or social relations with other people
who share similar personal or career
interests, activities, backgrounds or
real-life connections.
Types of Social Networks
• SOCIALIZING: FACEBOOK, INSTAGRAM, WHATSAPP, SNAPCHAT, TWITTER
• CAREER & BUSINESS OPPORTUNITIES: LINKEDIN, NAUKRI.COM, MEETUP, XING
• ONLINE MATCH MAKING: SHAADI.COM, BHARATMATRIMONY.COM, MATCH.COM
• ONLINE SHOPPING SITES: AMAZON, FLIPKART, MYNTRA
Use of Social Networking
• Meeting people online across the world.
• Making friends with people who are far away
• Profile building
• Self-representation
• Exchanging / sharing information related to
studies or education, current affairs, sports,
business, transport, movies, latest news updates,
event announcements, exchanging thoughts, etc.
• Sharing data files, videos, music, photos, etc.
Social Networking Risks and
Challenges
FAKE CONTENT
• May include footage of real or simulated violence,
criminal activity or accidents, or may promote
extreme political or religious views.

• Fake digital content may be discovered online
in a variety of spaces including websites, social
media services or file sharing services.
Purpose of Fake Content
• Promote hate towards individuals or groups
on the basis of race, religion, sexual
preference or other social/cultural factors,
instruct or promote crime, violence or
unsafe behavior, gaining unauthorized
access to computers, attempting fraud or
terrorism, for fun purpose, etc.
SOME RECENT FAKE NEWS
CASES
TinEye
• TinEye is a reverse image search engine.

• Give it an image and it will tell you where the
image appears on the web.

LINK: https://tineye.com/
HOW TO DETECT ANY FAKE,
SCAM NEWS ON WHATSAPP?
CHECKPOINT TIPLINE
• Facebook-owned WhatsApp has launched a new platform to address
the issue of fake news.
• ‘CheckPoint Tipline’ allows WhatsApp users to submit uncertain
information or rumors they have received on WhatsApp.
• The complaint can be submitted on Checkpoint Tipline WhatsApp
account under the mobile number +91-9643-000-888.
• This tipline will help to create a database of rumors to study
misinformation.
• The response will indicate if information is classified as true, false,
misleading, disputed or out of scope and include any other related
information that is available.
WhatsApp Security
• WhatsApp is the favorite medium for hackers.

• Malware scripts embedded in photos & videos
received on WhatsApp can access your media
gallery, contacts, etc. and transmit them to
remote servers.

• There is a simple way to protect oneself from
such an attack.
Two Step Verification on WhatsApp should also be enabled
When we are in a big WhatsApp
group, we have a common problem
and risk of low phone space because
of the many images & videos
members share.
To solve this problem we can use a
WhatsApp feature where we can see
the photos in group only without
saving them to our phone.
Please follow below steps
• Click on the 3 dots shown in the top right corner of the group.
• Click on the first option, i.e. GROUP INFO.
• Three options are shown below the group name, i.e. mute
notifications, custom notification, media visibility.
• Click on the third option, MEDIA VISIBILITY.
• Click on the "No" option. Now the media will not be saved on
your phone, but it will be displayed only in your group chats.
• Now that you know, act and inform your other group
members in other groups.
• This feature is only available in groups, not in individual chats.
Facebook Security
• Limit your online friends.
• Change privacy settings to restrict who can see and
post on your profile. Don’t stick with the defaults.

How do we stop people from Posting on our Timeline?
STEP 1: Click on Settings
Here You Can Check Your
Privacy Control
These Actions will ensure that your posts
are not shared with strangers
FACEBOOK CLONING
What is Facebook Cloning?
Facebook cloning describes a technique in
which scammers create a fake Facebook
profile by using images and other information
stolen from a targeted user’s real Facebook
profile.
WHY WOULD SCAMMERS DO THIS?
• Once the scammers have created a fake
profile, they can send friend requests to
people on the targeted person’s friends list.

• At least a few of the victim’s friends may
accept this second friend request because
they mistakenly believe that the victim has
accidentally unfriended them.
HOW TO PROTECT YOUR
ACCOUNT FROM FACEBOOK
CLONING

• Hide Your Friends List
To hide your friends list, open your profile and click
on the “Friends” tab. Then, click the pencil icon on
the right side and click “Edit Privacy”.
• Run A “Privacy Checkup”
If you click the “Lock” icon at the top right of
your Facebook profile, you can perform a
quick privacy checkup related to your posts,
apps, and profile. Wherever possible, ensure
that they are all set to “Friends” or “Only Me”
rather than “Public”.

• View your profile as “Public”
At this point, it’s probably a good idea to see
what your Facebook actually looks like to
somebody who is NOT your friend. To do this,
click the “Lock” icon again then click “Who can
see my stuff”. Now, click the “View As” link
under “What do other people see on my
timeline?”
• Check Who Can See Your Photos
Click the “Photos” tab and open “Albums”.
Some types of album will have an audience
selector that allows you to set all of the images
in the album to “Friends” or “Only Me” in one
click.
• Dig into Your Privacy Settings
You can also check and change privacy related settings
via the “Privacy Settings and Tools” section.
• Be wary of any friend requests from people that
you are already friends with.
• If you receive one, check your own friends list to
see if you are still friends with the person. If so, the
friend request is likely to be from a cloned
account.
• Alert your friend to the scam as soon as possible
so that he or she can take steps to deal with the
issue.
• E-mail sent by online criminals to trick you
into going to fake Web sites and revealing
personal information
• In other words, it is the criminal attempting
to acquire sensitive information such as
  • usernames
  • passwords
  • credit card details
HOW IT HAPPENS?

https://www.ophtek.com/wp-content/uploads/2018/10/howphishingworks.jpg
LET'S SEE SOME TOOLS TO
IDENTIFY FAKE PHISHING
WEBSITES
How To Identify Fake Phishing
Website?
• Verify the URL of the webpage.

• Check the Padlock symbol.

• Establish the authenticity of the website by
verifying its digital certificate.

• To do so,
  - Double click on the Padlock symbol at the upper right or bottom
    corner of your browser window.
HOW TO CHECK A WEBSITE IS
GENUINE OR NOT?
1. GO TO THIS LINK
  - http://isea.nitk.ac.in/catchphishdemo/client.html
  - CatchPhish, a phishing URL detection tool made by the
    Information Security Research Lab (ISRL), Dept of
    CSE, NITK Surathkal.
  - Enter a website URL and it will tell you whether that
    website is fake or genuine.
STEP 1
ENTER THE URL
2. Website Reputation Checker
This free website reputation checker tool lets you scan a
website with multiple website services to facilitate
the detection of fraudulent and malicious websites.
• https://www.urlvoid.com/
FEATURES
• Multiple Blacklists
• Threat Analysis
• Safety Report
TYPE URLVoid in GOOGLE
TYPE THE WEBSITE URL
REPORT SUMMARY
3. Nibbler
Nibbler is a free tool for testing websites.
Enter the address of any website and Nibbler
will give you a report scoring the website out
of 10 with details for key areas including
Accessibility, Popularity, URL Format, Amount
of Content, Internal Links, Domain Age and
many more.
https://nibbler.silktide.com/
SEARCH FOR NIBBLER
ENTER URL
REPORT FOR THE SCANNED
WEBSITE
SCAMS
An online scam is an attempt to trap you in order to
obtain money. There are many types of online
scams, including obtaining money with fake
names, fake photos, fake e-mails, forged documents,
fake job offers and many more.
Examples:
• Email scams, like "Congratulations, you have won a
Webcam, Digital Camera, etc."
• Lottery Scam
• Online Auction
• Job Offers
• Blackmail
RECENT SCAMS/ATTACKS
AROUND THE WORLD
1. Emotet and Trickbot (Jan 2020 – Mar 2020)
A banking trojan that was updated/upgraded to
include new capabilities, such as info-stealing and
malware delivery.
2. Lokibot (Feb 2020)
An info-stealer that collects email credentials
and passwords from browsers, FTP clients
and CryptoCoin wallets.
3. Remcos RAT (Feb 2020)
A remote access tool used by cyber criminals
that allows an attacker to control a victim’s
system remotely and execute commands.
4. Agent Tesla (Mar 2020)
An info-stealer that has keylogging
capabilities for stealing email credentials and
passwords from browsers.
5. Formbook (Mar 2020)
An info-stealer that collects a victim’s sensitive
information, such as passwords/credentials from
browsers.
TAKING ADVANTAGE OF
COVID-19
• Scammers posing as health authorities may
offer cures, tests or other COVID-19
information.
• Websites selling fraudulent products.
• Requests for COVID-19 donations to
nonprofits, hospitals or other organizations.
• Scammers using Facebook Messenger to
target victims
Preventions
1) Keep your computer/endpoints up-to-date with the
latest patches for Microsoft Windows.
2) Avoid clicking on links in unsolicited mails and be
wary of email attachments.
3) Use trusted sources, such as legitimate Government
websites, for up-to-date and fact-based information
about COVID-19.
4) Do not reveal personal or financial information in
email.
5) Verify a charity’s authenticity before making
donations.
WE ALWAYS USE STRONG & EASY TO
REMEMBER PASSWORD[S]
FOR INTERNET APPLICATIONS

DO YOU ?
Shoulder Surfing
Brute Force Attack
Dictionary Attack
SWITCH TO PASSPHRASE

MY PASSPHRASE
Never judge a book by its cover

nj@66!C

Never judge @ 6ook 6y !ts cover


SALTING PASSWORD
PASSWORD: nj@66!C
SALT: f1nd1ngn3h@
SALTED INPUT: f1nd1ngn3h@nj@66!C

You are responsible for safeguarding your ID
and password.
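The salting idea above, carried through to how a service stores passwords, as an added example that is not part of the original slides. It goes beyond the slide's single fixed salt by generating a random salt per account; PBKDF2-HMAC-SHA256, the iteration count and the function names are assumptions chosen for illustration, while the password and fixed salt are the slide's values.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Work factor for PBKDF2-HMAC-SHA256; the value is an assumption chosen for this example.
ITERATIONS = 600_000


def unsalted_digest(password: str) -> str:
    """Plain SHA-256 of the password: identical passwords give identical digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a key from salt + password. A random 16-byte salt is generated if none is given."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify_password(candidate: str, salt: bytes, stored_key: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    _, key = hash_password(candidate, salt)
    return hmac.compare_digest(key, stored_key)


if __name__ == "__main__":
    password = "nj@66!C"  # password from the slide

    # Two accounts that happen to share the same password.
    print("unsalted equal:", unsalted_digest(password) == unsalted_digest(password))
    salt_a, key_a = hash_password(password)
    salt_b, key_b = hash_password(password)
    print("salted equal:  ", key_a == key_b)  # different salts, different stored values

    # The slide's fixed salt also works, but a salt reused everywhere lets one
    # precomputed table cover every account; a random per-account salt does not.
    _, key_fixed = hash_password(password, b"f1nd1ngn3h@")
    print("fixed-salt key:", key_fixed.hex()[:16], "...")

    print("correct login: ", verify_password(password, salt_a, key_a))
    print("wrong login:   ", verify_password("nj@66!c", salt_a, key_a))
```

The salt is stored next to the derived key; it does not need to be secret, only unique per account.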
Password Safe Tools
KeePass
Password Safe
• KeePass is a free open source password manager
that helps to manage passwords in a secure way.
• Passwords are stored in one database which is
locked with a master key.
• Database files are encrypted using the best and
most secure encryption algorithms (AES-256,
ChaCha20 and Twofish).

LINK: https://keepass.info/
CLICK ON LATEST
RELEASED VERSION
CLICK ON SAVE FILE
CLICK ON FINISH
KEEPASS AFTER
INSTALLATION
SAVE PASSWORDS FOR
DIFFERENT ACCOUNTS & FILES
HAVE I BEEN PWNED ?
Have I Been Pwned allows you to search
across multiple data breaches to see if your
email address has been compromised.

LINK: https://haveibeenpwned.com/
NameChk
• Use Namechk to see if your desired
username or vanity url is still available at
dozens of popular Social Networking and
Social Bookmarking websites.
• Find the best username with Namechk

LINK: https://namechk.com/
Publicwww
PublicWWW.com allows you to perform searches in multiple
ways -
• Any HTML, JavaScript, CSS and plain text in web page source
code
• Find out who else is using your theme
• Identify sites that mention you
• References to use a library or a platform
• Find code examples on the internet
• Figure out who is using what JS widgets on their sites
GITHUB
You can find millions of free source code projects on
GitHub.

LINK: https://github.com/
WAYBACKMACHINE
• The Wayback Machine is a digital archive of
the World Wide Web, founded by the
Internet Archive, a nonprofit organization
based in San Francisco. It allows the user to
go “back in time” and see what websites
looked like in the past.

LINK: https://archive.org/web/
VIRUS TOTAL
• Analyze suspicious files and URLs to detect
types of malware.

• LINK: https://www.virustotal.com/gui/home
Testing the Non-Malicious Application
https://www.virustotal.com/gui/home/upload
Click on Choose File
Non-Malicious File Check
Click on “Confirm Upload”
REPORT
Malicious Application
Choose File
Input Malicious Application
Click on “Confirm Upload”
REPORT
WEB APPLICATION
SECURITY
HOW TO PREVENT THESE
TYPES OF ATTACKS?
Securing Internet Explorer
Delete Browsing History & Turn off Pop-ups
Mozilla Security

3 May 2020 Cyber Security Awareness


TEMP MAIL
Keep spam out of your mail and stay safe - just
use a disposable temporary email address.
Protect your personal email address from spam
with Temp-mail
Link: https://temp-mail.org/en/
USE BROWSER
EXTENSIONS TO
PROTECT AGAINST
HACKERS
NETCRAFT
The Netcraft Extension allows easy lookup of
information related to the sites users visit and
provides protection from phishing and
malicious JavaScript.
FEATURES
• Detailed site reports
• Risk Ratings
• Conveniently report suspected phishing & fraudulent
sites
• Protection against Cross Site Scripting (XSS)
• Protection against Phishing sites
• Protection against malicious JavaScript
HOW TO INSTALL NETCRAFT
CLICK ON ADD TO CHROME
YOU CAN SEE THE SCANNING
RESULT OF ANY WEBSITE
CLICK ON WEB SITE REPORT
TO SEE FULL REPORT
SHODAN
Shodan is a search engine that lets the user find
specific types of computers
(webcams, routers, servers, etc.) connected to
the internet using a variety of filters.
SHODAN EXTENSION FEATURES

  - The Shodan plugin tells you where the website is
    hosted (country, city), who owns the IP and what
    other services/ports are open.

  - The Shodan plugin automatically checks whether
    Shodan has any information for the current
    website.
HOW TO INSTALL SHODAN
CLICK ON ADD TO CHROME
AdBlock Plus Extension
STEP 1: Open Google on your Web Browser



STEP 2
Search on Google AdBlock Plus

2 May 2020 Cyber Security Awareness


STEP 3
Click On Add Extension



STEP 4
You are Done Now



HTTPS EVERYWHERE

CLICK ON IT
UBlock Origin Extension

• Block all Popups/Advertisements on the
website
• Block large media elements
• Disable JavaScript
• Block remote fonts
DuckDuckGo Search Engine

• Search Privately
• Block all hidden third-party trackers
• Encryption Protection
• Does not collect or share any personal
information

https://duckduckgo.com
Follow us
www.infosecawareness.in

https://www.facebook.com/infosecawareness

https://www.youtube.com/channel/UCWPBKQryyVvydUy4rYsbBfA

https://plus.google.com/u/0/106937869860139709031/posts
Email id: isea@cdac.in

TOLL FREE No. 1800 425 6235


BE SAFE & STAY HEALTHY

Thank You
Dr. NEHA BAJPAI
nehakapoor@cdac.in
