Category: Cybersecurity Awareness Month

Detect a malicious website in 4 points

Posted on by Ifotec Ifotec

How to detect a malicious website ?

In an era where online shopping and digital interactions dominate our daily lives, security risks are increasing. Cybercriminals create fraudulent websites to steal personal or banking information or to spread malicious software. It is crucial to know how to spot these sites to avoid falling victim. Here are four key points to consider when detecting a fraudulent website.

Four key points to detect a malicious website

1. URL and site security 

The first thing to check is the URL. Ensure it starts with “https://,” indicating a secure connection. Using tools like Google Safe Browsing helps verify if the site is recognized as dangerous. Be cautious of URLs that resemble a company’s official domain name. For example, the main domain name of IFOTEC is “ifotec.com” : Slightly modified names like “if0tec.com,” “fr-ifotec.com,” or “ifotec.fr.com” are not valid. Always check the end of the URL to identify the site’s domain name. A URL consists of several strings of characters separated by dots (“.”). For example, the address “support.ifotec.com” corresponds to the subdomain “support” of the main domain “ifotec.com,” which is valid, whereas “ifotec.support.com” refers to a subdomain “ifotec” under the main domain “support.com,” which is not valid.

2. Site reviews and reputation

Before trusting a site, check its online reputation. Look at user reviews on sites like [Trustpilot] (https://trustpilot.com/). Pay attention to the number of reviews, as a large quantity is essential to ensure they’re not fake.

3. Site owner and age

Use tools like Whois DomainTools to find details about the domain owner. A recently registered domain or one with a hidden owner may indicate a fraudulent site.

4. Payment methods 

Be cautious if a site only offers unusual payment methods, such as bank transfers or gift cards. Secure sites provide options like PayPal or credit card payments with protection. If you’re asked to pay through untraceable means, you’re likely dealing with fraud. Also, beware if you receive an email after a purchase saying the payment was declined and asking you to try again—this could indicate you’ve already been scammed, and they’re attempting to defraud you further.

It’s not uncommon to come across fraudulent websites online that mimic official ones, offering deals that seem too good to be true. Sometimes, a friend may even share a link to one of these sites, thinking it’s a great deal. This is why it’s always best to follow the verification steps mentioned above.

If you realize you’ve been scammed, immediately notify your bank and change all your passwords (email and site accounts). For your information, even if you’ve entered your card details on a fraudulent site, in most cases, your bank is required to refund any unauthorized transactions.

More informations on the IFOTEC LinkedIn page !

Cyberattacks

Posted on by Ifotec Ifotec

Learn more about cyberattacks on embedded systems

CYBERMOIS

Either to collect information, to alter the functioning of an embedded system, or simply to neutralize it, there are many methods of cyberattacks.

They can be classified into two categories, the passive or observational methods of attack and the active methods of attack that require interaction with the equipment.

What is a passive attack ?

Passive attack methods on embedded systems consist in the analysis of the equipment behaviour. They are intended to recover sensitive information, such as encryption keys, certificates, passwords, …

There are also side channel attacks, which exploit vulnerabilities in the implementation of a system. For instance, it is possible to collect information by analysing the evolution of the current consumption of a system or its electromagnetic radiation. An increased power consumption indicates more calculations. Timing attacks allow to know the execution time of some operations, which can be particularly efficient if the algorithm uses a loop to compare keys.

Cyberattacks

Probing attacks consist in positioning probes on the board to analyse the communication buses between the components, on the factory or maintenance interfaces or directly on the test points of the board.

What is an active attack?

An active attack on embedded systems can be of several natures. If it concerns equipment with an IP interface, it can be a DoS attack (denial of service attack) which aims to make the system unavailable. This can be done for example by flooding the network or by disturbing the connections between devices.

If the hacker has access to the electronic board, he can extract the data contained in the external memories or alter its content. It is also possible to inject faults or glitches on the communication buses to alter the functioning of the system.

Cyberattacks

What about the security of IFOTEC’s IP equipment ?

Concerning IFOTEC’s secure Ethernet Switches, the security of these fiber optic transmission equipments is taken into account from the design stage.

This is accomplished through the choice:

  • Components allowing advanced cryptography functionalities
  • A software development using only reliable encryption algorithms
  • No access to sensitive data

Furthermore, the integrity of the application is verified at each startup and updates can only be made with firmware authenticated by ourselves.

An article by Pascal Brand, R&D engineer at IFOTEC.

Find us on our LinkedIn page.