CERT-GH advisories and alerts inform the public about currently reported cybersecurity vulnerabilities and threats. Each advisory provides a summary of the threat analysed, a description of the threat reported, and procedures to mitigate the threat and minimise its impact.
CERT-GH of the National Cyber Security Centre provides the following advisory.
This is to advise all web hosting users, managers and business owners in Ghana of cases of website defacement identified by CERT-GH.
Website defacement is an attack on a website that changes the visual appearance of the site or webpage. It is similar to drawing graffiti, only it happens virtually as a kind of electronic graffiti and is a form of vandalism. These are typically the work of hackers, who break into a web server and replace the content of the hosted website with content of their own. Attackers have different motivations when they deface a website. Political motivation is one, often used to spread messages by “cyber protesters” or hacktivists. Other attackers may choose to deface a website for fun, to mock site owners by finding website vulnerabilities and exploiting them to deface the site. In both cases, website owners face damage to their business and reputation once their sites are defaced.
Consequences of website defacement vary. Here are some consequences an organization may face after its website has been attacked.
- Potential Data breach: Due to the noticeable nature of web defacement, some hackers use them as a form of diversion. With everyone’s attention focused on the defacement, these hackers can then carry out more sinister activities without getting detected immediately. For instance, they could steal sensitive information, install malware, and perform privilege escalation or carry out other nefarious acts.
- Losing Customers: Visitors may be redirected to sites teeming with malicious code. They might be prompted to download malware onto their system or it downloads itself, undetected. In such cases, your regular and new visitors may be concerned about visiting your page in the future and you can potentially lose customers.
- Impact on PageRank and Traffic: Search engines rank your website according to a number of factors. A higher ranking website comes up first in the results of a search query. If your defaced website is flagged or identified as causing harm to its users, a search engine such as Google might add you to its blacklist. This means that you can lose up to 95% of website traffic that could be gained from Google search results.
- Effect on Brand Image: Internet users worry about safety during their online experiences. If they notice you have failed to establish security measures on your website, they automatically conclude that you are either completely negligent in securing your website or extremely ignorant about information security challenges and threats. Such conclusions can be devastating for your organization’s image.
CERT-GH recommends the following measures to prevent and contain website defacement:
- Security audits and penetration testing: Unpatched systems are a prime target for hackers since they are susceptible to numerous known vulnerabilities. Another common weakness is unused open ports on servers, which allow attackers to connect without authentication and can lead to remote execution of malicious code when the server is connected to an unsecured network. Regular security audits help evaluate the security posture of an IT infrastructure (operating systems, service and application flaws, improper configurations, or risky end-user behaviour) and better protect the systems hosting the website.
- Defend yourself against SQL injection attacks: SQL injection attacks insert SQL fragments into data entry fields in order to change the execution of the application's predefined SQL statements. With the modified statements, attackers have extracted sensitive information, obtained the authentication details of registered users on a website and corrupted databases, making websites unusable. To defend against SQL injection, use parameterized statements, which ensure that inputs passed into SQL statements are treated strictly as data. Escaping inputs from input fields, so that all input, especially special characters, is treated as part of the string rather than the end of the string, also defends against SQL injection.
- Defend yourself against Cross-site Scripting (XSS) attacks: Cross-site scripting is when an attacker passes scripting code into a web form in an attempt to run unauthorized code on the website. It tricks the application into sending a malicious script to the browser, which believes the script is coming from the trusted website. Each time an end user accesses the affected page, their browser downloads and runs the malicious script as if it were part of the page. To defend against XSS, validate input so that the application renders only the expected data and malicious data cannot harm the site, its database or its users.
- Use defacement monitoring and detection tools: Web attacks leave companies with little time to react and perform damage control after an incident. Defacement monitoring and detection tools are one of the best ways to spot any defacement or unauthorized integrity change on a website. Some of the most used monitoring and detection tools are Banff Cyber’s WebOrion Defacement Monitor, Site24x7 and Nagios. Careful evaluation and configuration of the tool to detect both full and partial defacements, involving the HTML as well as linked images, scripts and stylesheets, is important to ensure an effective tool is in place.
- Prepare to respond to defacement incidents: What do we do when our website is defaced? A good detection tool only tells you when your website is defaced but not the action that is to be taken. It is therefore important to put in place a set of incident response procedures, and ensure that you have the right personnel to respond to a web defacement. The technical response team will likely involve the security manager, web masters/web developers and the web server team. It may also be important to have corporate communications prepare a public message to preserve the web reputation of the company and also have a maintenance webpage to inform customers. Make an action plan for handling the restoration process that will shorten the time for recovery.
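The SQL injection point above, shown as an added example (not code from the advisory): a hypothetical login lookup written once with string concatenation and once with parameterized placeholders, against a constructed in-memory SQLite table.

```python
import sqlite3

# Constructed in-memory user table for the demonstration; not real data.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b")])
    return conn

def login_vulnerable(conn, username, password_hash):
    # The inputs are spliced into the statement text, so a quote character in
    # the input ends the string literal and whatever follows is run as SQL.
    sql = ("SELECT username FROM users WHERE username = '%s' "
           "AND password_hash = '%s'" % (username, password_hash))
    return [row[0] for row in conn.execute(sql)]

def login_parameterized(conn, username, password_hash):
    # Placeholders: the values travel separately from the statement, so every
    # character of the input, quotes included, stays inside the string.
    sql = ("SELECT username FROM users WHERE username = ? "
           "AND password_hash = ?")
    return [row[0] for row in conn.execute(sql, (username, password_hash))]

def apostrophe_is_plain_data(conn):
    # Ordinary input containing an apostrophe breaks the concatenated query
    # (an OperationalError) but is simply a value for the parameterized one.
    try:
        login_vulnerable(conn, "O'Brien", "h")
        vulnerable_breaks = False
    except sqlite3.OperationalError:
        vulnerable_breaks = True
    return vulnerable_breaks, login_parameterized(conn, "O'Brien", "h")

if __name__ == "__main__":
    db = make_db()
    # The textbook tautology returns every row from the concatenated query
    # and nothing from the parameterized one.
    print(login_vulnerable(db, "x' OR '1'='1", "x' OR '1'='1"))      # ['alice', 'bob']
    print(login_parameterized(db, "x' OR '1'='1", "x' OR '1'='1"))  # []
    print(apostrophe_is_plain_data(db))                              # (True, [])
```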
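The XSS point above, as an added example that is not part of the advisory: a hypothetical comment renderer, first dropping untrusted text straight into HTML and then validating the field with a known shape and encoding the free text at output time. The `AUTHOR_RE` pattern and the sample comment are constructed for the demonstration.

```python
import html
import re

# Hypothetical rule for the author field: a short identifier with no markup.
AUTHOR_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def render_comment_vulnerable(author, body):
    # Untrusted text is dropped straight into the HTML, so any tag the user
    # typed is parsed by the visitor's browser as part of the page.
    return "<p><b>%s</b>: %s</p>" % (author, body)

def render_comment_safe(author, body):
    # Validate fields that have a known shape: reject anything that does not
    # match instead of trying to clean it.
    if not AUTHOR_RE.fullmatch(author):
        raise ValueError("invalid author name")
    # Free text cannot be validated by shape, so encode it at output time:
    # <, >, &, " and ' become entities and the browser shows them literally.
    return "<p><b>%s</b>: %s</p>" % (html.escape(author, quote=True),
                                    html.escape(body, quote=True))

def safe_or_rejected(author, body):
    """Convenience wrapper: None means validation rejected the author."""
    try:
        return render_comment_safe(author, body)
    except ValueError:
        return None

# Constructed sample input: a comment body carrying a script tag.
SAMPLE_BODY = "nice site <script>alert(1)</script>"

if __name__ == "__main__":
    print(render_comment_vulnerable("eve", SAMPLE_BODY))  # tag reaches the page
    print(render_comment_safe("eve", SAMPLE_BODY))        # &lt;script&gt; shown as text
    print(safe_or_rejected("<b>eve</b>", "hi"))           # None
```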
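To illustrate why a monitor must cover linked assets and not only the HTML, here is an added integrity-check example (not code from the advisory or from any tool it names). It hashes the page and every linked script, stylesheet and image, then diffs two snapshots; `fetch` is assumed to return an asset's bytes (a constructed dict lookup here, an HTTP client in deployment), and the sample site is constructed.

```python
import hashlib
from html.parser import HTMLParser

class LinkedAssetParser(HTMLParser):
    """Collects the URLs of scripts, stylesheets and images a page references."""
    def __init__(self):
        super().__init__()
        self.assets = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.assets.append(a["src"])
        elif tag == "link" and a.get("rel") == "stylesheet" and a.get("href"):
            self.assets.append(a["href"])
        elif tag == "img" and a.get("src"):
            self.assets.append(a["src"])

def fingerprint(page_html, fetch):
    """SHA-256 of the HTML plus of every linked asset, keyed by resource."""
    parser = LinkedAssetParser()
    parser.feed(page_html)
    fp = {"/": hashlib.sha256(page_html.encode()).hexdigest()}
    for url in parser.assets:
        fp[url] = hashlib.sha256(fetch(url)).hexdigest()
    return fp

def detect_changes(baseline, current):
    """Return {resource: 'modified' | 'added' | 'removed'} between snapshots."""
    changes = {}
    for res in baseline.keys() | current.keys():
        if res not in current:
            changes[res] = "removed"
        elif res not in baseline:
            changes[res] = "added"
        elif baseline[res] != current[res]:
            changes[res] = "modified"
    return changes

# Constructed sample site: the HTML is untouched and only the stylesheet is
# swapped, the partial defacement that a page-only hash would miss.
PAGE = ('<html><head><link rel="stylesheet" href="/site.css">'
        '<script src="/app.js"></script></head><body><img src="/logo.png"></body></html>')
BASELINE_ASSETS = {"/site.css": b"body{color:#000}", "/app.js": b"init();",
                   "/logo.png": b"PNG bytes"}
DEFACED_ASSETS = dict(BASELINE_ASSETS, **{"/site.css": b"body{background:red}"})

def demo():
    baseline = fingerprint(PAGE, BASELINE_ASSETS.__getitem__)
    current = fingerprint(PAGE, DEFACED_ASSETS.__getitem__)
    return detect_changes(baseline, current)   # {'/site.css': 'modified'}
```

In practice the baseline is taken right after a verified deployment and re-taken after every legitimate change, otherwise every content update reads as a defacement.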
Here are general minimum precautions recommended by CERT-GH:
- Do not click on any email attachment or links provided in emails, social media platforms or websites that you are not familiar with.
- Apply security updates and patches and stay up to date with the latest system versions.
- Report the incident to CERT-GH at email@example.com
- Share the advisory and precaution steps among users in your organization and communities for awareness purposes.
Website defacement can result in damage to a site’s reputation, loss of valuable information and user privacy, loss of money and loss of time. It is therefore expedient to put mitigation and prevention techniques in place. To conclude, keep these tips:
- Keep software up to date
- Watch out for SQL injection
- Protect against XSS attacks
- Beware of error messages
- Validate on both the browser and the server side
- Check your passwords
- Avoid file uploads by users
- Use HTTPS
- Get website security tools
Sextortion is a form of blackmail in which sexual information or images are used to extort sexual favors or cash from the victim. Social media and text messages are often the source of the sexual material and the threatened means of sharing it with others.
This is a criminal offence. Report it immediately: send us an email with all evidence of the blackmail to firstname.lastname@example.org, or send us a WhatsApp message on 050 160 3111.
WhatsApp Gold!! This is nothing but a trick used by scammers to install malware and viruses onto your phone or device. It’s an old trick, claiming that there is a secret update to WhatsApp that gives users enhanced features and that can be shared around. The scammers provide a link that supposedly enables people to install WhatsApp Gold but, in reality, tricks them into downloading malware.
Ways to Avoid Being a Victim of Mobile Money Fraud
It is highly advised not to share your Personal Identification Number (PIN) or secret number with anyone, and this includes mobile money agents, workers of any telecommunication network and your friends.
Mobile money agents and telecom workers are not to ask you for your PIN to initiate any transaction on your behalf. Your PIN is your secret number.
Make sure that your PIN is difficult to guess. When choosing your 4 digits, it’s best to avoid using the year of your birth, the day and month of your birth, and repetitive numbers like 1111, 2222 etc. Also avoid common pattern numbers like 1234 or 2018.
Use a PIN that would be difficult for people to guess, but easy to remember. If you currently have a weak PIN, you can change it.
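The PIN rules above, codified as an added example (not from the advisory) of the check a mobile money provider could run when a customer sets or changes a PIN. The optional `birth` tuple of (day, month, year) is an assumption so that the holder's own date of birth can be screened.

```python
import datetime

def pin_weaknesses(pin, birth=None):
    """Return the reasons a 4-digit mobile money PIN is easy to guess.
    birth is an optional (day, month, year) tuple for the account holder."""
    if not (pin.isdigit() and len(pin) == 4):
        return ["PIN must be exactly 4 digits"]
    problems = []
    digits = [int(c) for c in pin]
    # Repetitive numbers such as 1111 or 2222.
    if len(set(digits)) == 1:
        problems.append("all digits identical")
    # Simple runs such as 1234 or 4321.
    steps = {b - a for a, b in zip(digits, digits[1:])}
    if steps in ({1}, {-1}):
        problems.append("sequential digits")
    # Plausible years such as 2018 or a year of birth.
    if 1900 <= int(pin) <= datetime.date.today().year:
        problems.append("looks like a year")
    # Day and month of birth in either order, or the birth year itself.
    if birth is not None:
        day, month, year = birth
        if pin in ("%02d%02d" % (day, month), "%02d%02d" % (month, day), str(year)):
            problems.append("derived from date of birth")
    return problems

if __name__ == "__main__":
    # Constructed sample: a holder born on 15 March 1990 trying common choices.
    for candidate in ("1111", "1234", "2018", "1503", "1990", "8305"):
        print(candidate, pin_weaknesses(candidate, (15, 3, 1990)) or "acceptable")
```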
Don’t ever give your mobile phone to agents to do a transaction on your behalf. If you give your phone to an agent to initiate a transaction on your behalf, you expose yourself to being defrauded.
Whenever you make a deposit at any mobile money merchant shop, make sure you receive confirmation text before you leave. Make sure the text received is from the said telecom company. Be vigilant and watch out for text messages from suspicious phone numbers. Always verify transaction details before withdrawing or transferring money.
Don’t trust text messages from suspicious phone numbers regarding your mobile money account. Treat such numbers with suspicion and don’t follow their instructions. Beware of scam calls asking you to send mobile money to their accounts to receive cash prizes or asking for your account details. Whenever in doubt, don’t hesitate to call the customer service number.
How to Recognize and Avoid Phishing Scams
Scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks every day and they’re often successful. But there are several things you can do to protect yourself.
Scammers use familiar company names or pretend to be someone you know. They ask you to click on a link or give passwords or bank account numbers. If you click on the link, they can install programs that lock you out of your computer and can steal your personal information. They pressure you to act now – or something bad will happen.
Check it out.
Look up the website or phone number for the company or person who’s contacting you. Call that company or person directly. Use a number you know to be correct, not the number in the email or text. Tell them about the message you got.
Look for scam tip-offs.
- You don’t have an account with the company.
- The message is missing your name or uses bad grammar and spelling.
- The person asks for personal information, including passwords.
- But note: some phishing schemes are sophisticated and look very real, so check it out and protect yourself.
- Place your cursor on the link you have been asked to click, without clicking it, to see the actual web address it points to.
Keep your computer security up to date: install an antivirus, update it regularly and back up your data often.
Consider multi-factor authentication – a second step to verify who you are, like a text with a code – for accounts that support it.
Change any compromised passwords right away and don’t use them for any other accounts.
Ways to avoid being a Romance Scam victim.
Romance scammers are smooth operators and can take their time to set their trap. Scammers take advantage of people looking for romantic partners, often via dating websites, apps or social media, by pretending to be prospective companions. They play on emotional triggers to get you to provide money, gifts or personal details. Warning signs that you may be dealing with a scammer include:
- Your new romantic interest sends you a picture that looks more like a model from a fashion magazine than an ordinary snapshot.
- The person quickly wants to leave the dating website and communicate with you through email or instant messaging.
- He or she lavishes you with attention and often overwhelms prospective marks with texts, emails and phone calls to draw them in.
- He or she repeatedly promises to meet you in person but always seems to come up with an excuse to cancel.
- Do take it slowly. Ask your potential partner a lot of questions, and watch for inconsistencies that might reveal an impostor.
- Do check the photo, using Google’s “search by image” feature. If the same picture shows up elsewhere with a different name attached to it, that’s a sign a scammer may have stolen it.
- Do be wary of flirtatious and overly complimentary emails. Paste the text into a search engine and see whether the same words show up on websites devoted to exposing romance scams.
- Do cut off contact immediately if you begin to suspect that the individual may be a swindler.
- Do notify the dating site or the maker of the dating app on which you met the scammer.
- Don’t feel a false sense of safety because you’re the one who made first contact. Scammers flood dating websites with fake profiles and wait for
- Don’t reveal too much personal information in a dating profile or to someone you’ve chatted with only online. Scammers can exploit details like your last name or where you work to manipulate you or to commit identity theft.
- Don’t ever give an online acquaintance intimate photos that could later be used for extortion.
- Don't send cash to someone you've chatted with only online or put money on a reloadable gift card for the person — you’ll never get it back.