Gone Phishing: How to Recognize Fake Websites and Other Online Scams
Whether it’s corporate espionage, ransomware, or online fraud, most cyberattacks don’t start with sophisticated software exploits, but rather with relatively simple tricks. These tricks are called “phishing” attacks because, much like a baited lure, they won’t work unless you bite. However, many people do get caught by them.
In 2019, ninety percent (90%!) of reported data breaches began with a simple phishing scam, costing businesses over $12 billion in losses. Phishing attacks are the most common type of cyberattack on the Internet today, with one and a half million new phishing websites launched every month. Thankfully, it’s easy to spot—and even to perform—these tricks if you have the right guidance.
For example, when you’re at a cafe and you ask the patron next to you to watch your belongings, your stuff will probably be safe when you return. But how safe would you feel if the patron at the next table turned to you and offered to watch your belongings when you next needed to use the restroom? If you had two different reactions to these scenarios, you already have the intuition you need to understand how the overwhelming majority of cybercrime gets a foothold inside your company, home, or organization’s network.
In this workshop, derived from a portion of the Tech Learning Collective’s popular “Hacking with Mr. Robot” Security 101 course, you will have the opportunity to create and deploy your own phishing website that can steal usernames and passwords from unsuspecting victims. By learning how attackers build pixel-perfect replicas of familiar sites like the Facebook login screen, you will also gain the skills you need to more quickly recognize the signs of a malicious website, email, or other online scam.