Gone Phishing: How to Recognize Fake Websites and Other Online Scams
The most common way hackers steal passwords, install malware on a victim’s computer, or get employees to grant them unauthorized access to critical business systems is through so-called phishing attacks. A phishing attack is surprisingly low-tech, which is part of what makes it so devastatingly effective. Learning to spot these attacks is one of the most important things you can do to protect yourself online, since a hacker’s tricks, called “lures,” can appear anywhere from an email, to a Facebook message, to a real Web site that looks exactly like one you recognize! In this workshop, you’ll learn how frighteningly easy it is to build these scam sites, and all about the tricks they use to fool you into falling for them.
Whether it’s corporate espionage, ransomware, or online fraud, most cyber attacks don’t start with sophisticated software exploits, but rather by employing relatively simple tricks. These tricks are called “phishing” attacks because, much like baiting a lure, they won’t work unless you bite. However, many people do get caught up by them.
In 2019, ninety percent (90%!) of reported data breaches began with a simple phishing scam, costing businesses over $12 billion in losses. Phishing attacks are the most common type of cyberattack on the Internet today, with one and a half million new phishing websites launched every month. Thankfully, it’s easy to spot—and even to perform—these tricks if you have the right guidance.
For example, when you’re at a cafe and you ask the patron next to you to watch your belongings, your stuff will probably be safe when you return. But how safe would you feel if the patron at the next table turned to you and offered to watch your belongings when you next needed to use the restroom? If you had two different reactions to these scenarios, you already have the intuition you need to understand how the overwhelming majority of cybercrime gets a foothold inside your company, home, or organization’s network.
In this workshop, derived from a portion of the Tech Learning Collective’s popular “Hacking with Mr. Robot” Security 101 course, you will have the opportunity to create and deploy your own phishing Web site that can steal usernames and passwords from unsuspecting victims. By learning how attackers build pixel-perfect replicas of familiar sites like the Facebook login screen, you will also gain the skills you need to more quickly recognize the signs of a malicious web site, email, or other online scam.
Upcoming “Gone Phishing: How to Recognize Fake Websites and Other Online Scams” Events
Subscribe to our calendar.