Quick Links
Are you worried about your personal files getting stolen by hackers? Canary Tokens is a free and easy-to-use tool you’re able to quickly deploy to get notified when a hacker opens your files.
What Is Canary Tokens?
Canary Tokens is a cybersecurity tool by Thinkst Canary used to track hackers when they get access to your personal data. It works by embedding your file with a special tracking URL that alerts you through email when opened. Just likehow honeypots work, the idea is to place a tracker disguised as a regular file on your device. When a hacker opens the file, a hidden link is opened, alerting you to the breach.
How to Use Canary Tokens to Protect Your Data
I’m going to show you how to embed a Canary Tokens tracking URL on a Windows folder. However, you can use Canary Tokens to protect all sorts of files and services, ranging from Word and Excel documents to specific URLs, to online services like Azure and Microsoft SQL server, and more.
Let’s begin by visitingCanary Tokens.
Upon visiting the site, you will be greeted by the Canary Token generator. The generator requires you to set up three fields:
Since we’re embedding the token into a folder, I’ve selected theWindows folderfrom theSelect your tokendrop-down menu.
I’ve also provided an email for receiving an alert and a text note to remind me of what the token is for.
After you’ve filled out the form, clickCreate my Canarytokenand download the ZIP file embedded with a special token.
Now, unzip the ZIP file by right-clicking it and selectingExtract All, then inputting the directory where you want the file to be located. Ideally, it should be somewhere easily located for the hacker to find. For example, if you wanted the file on your Desktop, you would inputC:\Users\YourUserName\Desktop(swapping out YourUserName). You can then add files to the folder and rename it to something a potential hacker might be interested in opening.
Now that our trap has been set, try opening the folder and check if an alert has been triggered.
How to Check if a Hacker Accessed Your Files
Checking to see if your special file has been opened is as simple as opening your email account (the one that you linked to earlier) and checking forCanarytoken Mailerin your inbox.
Allowing email notifications on Chromeor your favorite web browser will help alert you immediately when the file has been opened. You may also want to check your spam folder in case Canarytoken Mailer was identified as spam.
Triggering the token should alert you with an email which will look something like this:
As you can see, it contains info such as date and time, the text note reminder, andthe source IP, which can be used for a variety of things. You can use an IP tracker to find the general location of where your file was opened. Alternatively, selectMore info on this token hereto view the incident map.
The specificity of the location that Canary Tokens provide will vary depending on how the ISP of the person opening your file operates and whether they’reusing a VPN to protect their location data.
How to Troubleshoot Canary Tokens
If you’ve tried opening the folder but still get no alerts, try following the troubleshooting steps.
Canary Tokens Won’t Trigger on a Windows Folder
If you’re using Windows 11 and the Windows folder won’t trigger an alert, it is likely that remote pathing is disabled. To fix the problem:
Lost Filesystem Attribute
This should solve the problem, but if it still doesn’t work, it may be due to the folder’s filesystem attribute being lost during extraction.
Canary Tokens Keeps Triggering
If you keep getting alerts from Canary Mailer, and you’re sure they are false positives from your embedded Windows folder, it is likely that your antivirus software has scanned the folder causing the alert.
To solve this problem, you’ll want to exclude the embedded folder from your regular antivirus scans. If you’re using Windows Defender, here is how to exclude a file or folder:
That should stop your file from getting scanned and prevent the false positives you keep getting from Canary Mailer.
Will Canary Tokens Work if the File Is Transferred to Another Device?
Yes, as long as the tracking URL was visited, you will be alerted about the incident. For the majority of the tokens provided, it shouldn’t matter whether the person opening the file is using Windows, Linux, macOS, iOS, or an Android device. As long as the device is capable of browsing the web, Canary Tokens should work.
Although this guide focused more on using honey tokens on Windows folders, Canary Tokens can do so much more! You can also embed honey tokens on other files (Word, Excel, PDF), online services (Azure, Microsoft SQL server, WireGuard, AWS), email, a specific URL, or even on credit cards. There is even a premium version of the service providing even more features that can help you secure entire networks.
