We have answers from the amazing team about triggering tokens: Q: Why is the ISP triggering the tokens? A: CanaryTokens generate a unique HTTP URL or DNS hostname which once browsed to or resolved, makes a connection back to our servers and raises an alert. The Windows Folder Token makes use of DNS to trigger an alert, and inspecting the downloaded files reveals that we set the folders icon to a remote resource and encode some local system information into the hostname. Due to the hostnames being unique, Windows will recursively query a Tokens hostname up the DNS resolution chain which usually follows the path of localhost -> local DNS server (router) -> ISP DNS servers -> Root Servers -> Canary Tokens server. We tend to see multiple alerts happening after a Token is first triggered as ISP name servers cache the query and later refresh that cache for any DNS updates, this causes the Token to trigger multiple times. The “recent places or quick access” features of Windows can keep the Tokened folder in explorer's sidebar which attempts to preview the document causes further unnecessary alerts. Our advice: once a Token has initially triggered, you'll have gotten the all-important alert to further investigate; once complete, it's worth swapping out the Token for a new one to avoid later false positives. Q: Does this work on cell phones too? A: Yes. It's worth noting however that Tokens are designed to be tripped by their intended applications.The Word Token will require a desktop version of Microsoft Word to trigger Q: What about Anti-Virus? A: AV products do sometimes detect and even trigger Tokens in their scans, it's worth hiding Tokens a little deeper in your files. Certain AV programs also offer "sandboxing" services whereby files are uploaded to their servers for safe "detonation" which can end up triggering Tokens multiple times.

hmmm I am seeing several people saying that their own ISP is triggering their tokens. I am looking into why this is happening. I also reached out to Canary Token people to see if they can shed some light. So DONT PANIC - your ISP is most likely not hacking your computer. My guess it is some type of "checks" that is happening at the ISP level. Will keep you updated as I learn more. This is getting interesting 🤔

You are a living legend Liron.

Liron you're the Best 🙌 Much love 🙏 - Stay Blessed - 🙏❤✌

YOU ARE Epic!!! So much valuable info, I'll be watching again! Thank You!

Tech experts gets hacked moment

Liron, you're great. I'm so glad I subscribed so that your video appeared at the top of my KZfaq viewing list.

I would love to see you describe home network security and how to monitor connections and do some tls dissection

Thank you so much. I love ur channel and subbed a few weeks ago. Love all ur content and use a lot of it. Thank you for increasing my security

Great info as always.

You are a star. Thank you . I'm subscribed.

For me still lost, but good that you can help people. Thank you.

Lots of valuable information brother ,thanks

Great and useful content as always :)

wow this is crazy thanks for this man like always you keep giving great information did the email stuff now.

Great info -- AGAIN! Thanks

great information. I created a similar folder and opened it and then checked to see that it has been opened 3 times, once by me and 2 times from two different asian conuntries

Bravo, brother!

OK, now what do you DO with that information? Can you go after the hackers some way?

This is interesting. Will try this out. 👍🏻

Good Info thanx 😃👍

Thanks Liron, good stuff matey !!

Update: I made the token and I see that my cellphone provider seems to trigger it, now I do not know if cookies do this or a hacker is active, but I did ask them to clarify. Thank you it is nice to see.

Hello can I use canary tokens on MacBook Pro or iPhone 13? I see a lot of the tokens are related to windows

What can I do if I catch someone?

Thanks for another useful video and yes I am a subscriber

Thanx

I have created the folder and shortcut and put them on my desktop, it will be interesting to see what hits i get. Thanks for creating the very interesting and useful videos.

Epic... thanks so much

Thanks for your expertise. Any advice for Android phones?

So cool. I didn't even know "honey pots" were a thing. Now I have one on my desktop.

How long did it take from the time you set up the honeypot until you got results?

Thanks!

Thumbs up and subscribed!

Thanks for the great info... I will definitely use this !!! Thank You for taking the time to educate people like me. I really like your channel . Please keep up the great work !!!

Thx for the info, but what do I do to stop them from acessing my computer? Do I have to format my pc and install everything again? Keep with your great work, 👍👍

Amazing bro!!!!!😮😮😮👍🏽✊🏽✊🏽🎧🎵👏🏾👏🏾👏🏾

Thanks Leron. Very apt for Aussie right now.

Running file backups that include a tokenized folder will also generate email alerts.

Same I got hacked yesterday

Liron you're a Boss

Hi Liron if im getting these tokens what do I do? I have virus protect and everything is up to date what am I missing thank you so much for your time

What if your on a apple ipad which one Would you click on

I'm your new subscriber, and I love you 😍😍😍😍

There is a file called "desktop" which is a configuration ini file, which i believe i can see because i have windows to show all hidden files, inside the My Documents folder downloaded.

Nice! What should I do with the info about the hackers?

Liron, I have tried putting the windows folder thingey on two different computers, and I am not getting any emails or trigger alerts on the Canary page under ''manage this token''. Your instructions are very clear and I followed them directly but still nothing. Any ideas what Im doing wrong?

Could one create something similar in PowerShell?

A little confused, Google's options are always see images or always ask, there's no don't automatically download images. It does say in the link you provided, that Google automatically scans email for potential threats. So what's the score? 🤔

Thats awesome. BUT! How we de stop them from taking info are watching and viewing our PC?

Would this work if I dropped these folders on a Synology server?

What do I do if someone trigger it? How to I revoke the access they have to my PC??

WHEN I HAVE A VIDEO ATTACHED TO MY EMAIL I HAVE TO SAVE IT IN ORDER TO PLAY IT. I USE TO JUST RIGHT CLICK ON THE ATTACHMENT AND CLICK PLAY. WHAT DO I HAVE TO DO IN FIREFOX TO HAVE THIS OPTION AGAIN. THANKS

Hi - At the 1:50 mark, are you copying the downloaded folder to the desktop or are you moving it? Thanks!

Hi thanks

Really like those over the top, exaggerated thumbnails 👌

Liron , will System Mechanic® Ultimate Defense help me with the people getting into my computer , like canary is showing , ? Thanks

I get it. Could they open a file/folder that uses encryption? Meaning not using bait, but they come across a real file.

MERCI

I wish there was such on cell phones too.

anyway I tried the the fast redirect and slow redirect and could not get my browsers to go through when ever I would go to test them

Can you explain more about "just by it being in your email and hovering over the link" comment you made? Does this mean even if I don't click the link just hover over it and look at the URL description it is triggering a token to the sender...??? Really appreciate this info!

how did they get in?

Nice video Liron , PLEASE I've question to ask .... You said that if I open an email I received if the image load without clicking the image itself it'll notify them that I've read the email... So I taught it's only when I clicked on the image ?

Hmm...very interesting. Insteading of email, can CanaryTokens trigger a text message?

Amazing video as usual. I tried it and every time i startup my computer ( after i Power down) i get a trigger alert immediately...... every single time I power on my computer. I tried restart as well ( as opposed to power down) and same thing happens , i get an trigger alert as soon a my computer is restarted ( false positives) and sometimes I get many other alerts, all says my VPN ( I have VPN on at all times). I had to remove it.

did as instructed but whenever I access this folder, there are no triggers at all

Very useful video

Thanks Liron! Honeypot set up.

I u go to recent pages opened?

Is anti-virus worth to keep in computers now in 2024?

I tried the token site you mention and get this site can’t be reached?

Thiojoe made a vid like this and he went over a method that uses logs to detect any access, even if the attacker is not on windows. It would then turn off the network drivers and shut down.

Thanks Liron. I followed your instructions and immediatly got 8 hits from my ISP?????

Thanks for posting. I have question, why after creating the honeypot, I checked on the history, it shows all 14 clicks where various IP addresses show up, some from local and some from out of state. Does someone constantly watching it ? I have no idea.

Nice idea, but it doesn't seem to be working for me, nor can I see the "Manage Token" screen. Help me!

Curious, this upload started at 2:57 into video

How do you remove it if you decide there are too many alerts (false positives)? If I put the file into my Trash folder surely it still exists and there and may continue to trigger.

I would redirect them to one of the KZfaq channels that messes with scammers. LOL

Why the heck do you have a minidisc player on the shelf? 🤔

Getting a lot of hits from _Cloudfare WARP_

Excellent video advice. However, I think I may be getting false positives. I have a new PC. I don't surf in admin, only visit legit known sites, and check links with virus total before visiting a new site or clicking a link I've never used before. I have an up-to-date AV, using Quad9 DNS. I always look forward to being notified of your new uploads.

what if hackers are using VPN ?

Why does this process use so much CPU processing power? It seems to bog down down the PC!

I, similarly, have an e-mail contact named "Me". Every once in a while I get an e-mail from Me. That way I know if something has gone through my contact list and tried baiting me. It's at least an alert.

Liron I got the folder on my desktop and it gets triggered like 12 to 15 times a day. What should I do?? Reinstall windows?? Please help.

Appreciate the knowledge! I've subscribed a while back

First here to watch and like, am that am always first person. big ups to you big brother 👏

This explains it so much better than what my professor did.

Will you get notified if this file is copied or scanned by a program like Discord? Let’s say copied to remote location.

Hey, do you script yo videos??

youve never replied to me but maybe this is my lucky shot. I followed all the directions, but I am not getting any emails and it says my token has not been triggered yet, despite me trying every which way to make it work. Theres quite a few people commenting this but I havent seen it answered. THANK YOU!

IT says a list that Google LLC accessed my file

The Thunderbird email client for PCs/Laptops refuses to download images by default. They can be enabled each time or permanently for senders the user selects. Some companies don't give you much information, what they want you to see is loaded in the images which are also links. I get lenient, "This was sent from, say, a streaming service I subscribe to, so I'm more willing to allow the images to load. Others, no.

It appears to be uneccessarily attracting hackers??

I tried this, but found that Google triggered the tokens more than 30 times in the first two hours after I installed it. That's not tolerable.

I don’t understand how the Windows folder part works. How did CantoryTokens knows the Windows folder was accessed? Windows folder isn’t executable like .exe, it’s just a folder? When you downloaded the folder I didn’t see you run anything else that that would trigger CantoryTokens that the folder was accessed?

Hello L, I have troubles taking photos using Android smartphone in a way that is acceptable to Mobile Bank App. Please do UTube video on this subject.

I FOLLOWED THE STEPS BUT when i checked history ,it says It dosent show me a list of events !!

Instantly after doing this i got over 50 triggers, all from my ISP....................... Update: I get a trigger alert approx every 30 minutes from my ISP. Update 2: I removed it due constant triggers from ISP.