Security Tips Using Canary Tokens for Threat Detection

Using Canary Tokens for Threat Detection

Last year Hackers uncovered over 4 billion data for a complete worldwide price of $600 billion in damages. This year can also not shaping as much as be significantly better. In reality, within the chaos attributable to COVID-19 pandemic, cyber-attacks are increasing day by day. Believe it or not Google is obstructing on a median of 18 Million phishing assaults in a week and numbers are rising day-by-day.

To fight hackers, many people are turning to canary tokens. This information covers every little thing you have to learn about canary tokens, together with when and how to use them to enhance your security.

Threat Prevention vs. Detection

Canary tokens are improbable. They’re considerably straightforward to make use of, and you may deploy them in numerous efficient methods. But they assist to DETECT threats, to not PREVENT them.

Canary tokens work finest as part of a complete cyber security plan. You additionally want to contemplate digital safety tools and practices like:

  • A VPN (a virtual private network) to protect your web connection
  • File encryption tools
  • Secure file backups
  • Password managers to safeguard your login credentials
  • Automatic updates for software and your operating system
  • Antimalware and antivirus software
  • Browsers tools that block pop-ups, scripts, trackers, and different malicious web objects

What Are Canary Tokens?

Canary tokens, additionally known as honeytokens, have lengthy been a helpful web tool. You can place them in your web site, in your e mail, in your device, and in different places. Once touched, they trigger an alert.

You can use them in lots of situations, together with:

  • Concealed in MS Word and Acrobat files
  • Embedded inside applications to detect reverse-engineering makes an attempt
  • Activating a token when an motion happens, similar to opening a file, making modifications, and so on.
  • Deployment in cloud tools

How to Set Up a Canary Token

All it’s a must to do is choose the kind of token you need to create. Here are 4 completely different examples of utilizing canary tokens.

1. Adobe PDF Reader Document

From the Canary Token platform, you possibly can generate an alert for each Adobe PDFs and MS Word paperwork. Then you choose an e mail or webhook URL.

You can select the place to deploy the Acrobat/Word file. Often, network admins place it on a server to detect unauthorized entry. They may title it as one thing fascinating to hackers like “2019 employee tax information” to attract them in.

Hackers may suppose they’re getting their palms on juicy private data. But, as soon as any individual opens the file, the proprietor of the token will get an alert. They can see useful information concerning the intruder, together with their IP address and approximate location. It helps to grasp the character of the threat higher.

2. Windows Explorer Alert

Setting up a Windows Explorer alert enables you to detect device-level intrusion. It’s option, particularly for suspected threats on senior personnel gadgets.

You have choices too. You can set the icon image, set a customized path, and extra. The result’s, you will get a notification not solely any time any individual tries to open the file however for every kind of unauthorized entry to Windows Explorer.

3. Website Clone Notifications

Hackers usually fake web pages after which target unsuspecting victims. These then enter their login credentials or fee information, believing it’s the actual site.

All you do is add the canary token code into your web site coding. If any individual clones your web site, they’ll embrace JavaScript because it’s important for the performance of the site. Running it prompts the token, triggering the alert.

4. View Private Message Behavior

It is rather less security-oriented, however an interesting display of what Canary tokens can do. You can set alerts for each time any individual checks a private chat.

When any individual logs into Slack, the platform generates a URL preview. If you deploy a Canary token in a Slack channel, you possibly can see real-time updates when folks open the chat box—even when they don’t open the link.

It additionally works on Skype, WhatsApp, Facebook, iMessage, and Wire. In these instances, you should use the canary link to verify no one is snooping on a dialog you need to hold private.


Canary tokens are a good way to detect unauthorized entry. You can use them on system files, web sites, messages, and paperwork, however there’s way more you are able to do with them.

But, as soon as once more, canary tokens solely assist with threat detection. They don’t protect your data in any method. Whether you employ them or not, you continue to want security tools like VPNs, antivirus software, and extra to remain protected online.


Please enter your comment!
Please enter your name here