ICO wiki - User contributions [en]

ICS0018 Hands-on seminars

2026-03-30T12:33:30Z

Almace:

=== The idea ===

The hands-on seminars are a task for '''teams of three''' (initially based on Kristjan's ScamLab materials). The goal is to learn about different scams in a safe(ish) but real environment. A little side quest is to waste scammers' time so that they can't use it on actual victims.
A successful presentation will result in passing the course if the attendance criteria (5 out of 8 lectures and seminars) is met. To register a presentation, '''please team up and register below''', in your chosen time slot. '''There are limited presentation slots - first come, first served!''' (note: as people sign up, we will probably have to cram as many presentations as possible into each seminar - but the space is not infinite, we will have more or less 90 minutes for each).

Note: this time, we went from paired work to 3-person teams due to the number of people in the course (the seminar time would not have been enough for pairs).

=== The Task ===

Step 1: Create a fake identity and honeypot email account for engaging with scammers. Other platforms are also welcome, as long as you are able to protect your identity.

Step 2: Distribute the email address on shady or spammy sites, such as social media, online forums, etc. Some tips can be found here https://www.quora.com/How-can-I-get-scam-emails

Step 3: Wait for the scams to start rolling in.

Step 4: Engage! First select if you're going to use a naïve or aggressive approach.

If you don't manage to get any scammers to directly email your newly created address, go look in your regular mailbox, in the spam folder, ask friends & family, etc. NB! Before replying to any of those "crowdsourced" scam emails from your fake account, be sure to delete the address it was originally sent to.

Some tips for safety:
# Never reveal your (or anyone else's) real personal information to the scammers. Make up something realistic.
# Never open any links in emails unless you're in a protected sandbox environment.
# NEVER give out any real financial information, account information, or passwords.
# Always use Multi-Factor Authentication (MFA). Even on your fake accounts.

Here's the grand prize: if you manage to engage with at least 3 scammers for a message chain of 5 or more (they respond to at least 2 of your messages in the same thread), and present your findings (these should include the social engineering methods and psychological principles used by the scammers and yourself) at one of the seminars, '''you pass the course'''. It's not as easy as it might first seem.

=== Alternative task ===

An alternative way to pass is to educate people in your social network, friends, family, coworkers, etc about scams, how to spot them, how to avoid them, what to do if you're already a victim. If you want to use this option, please contact Kaido (over e-mail or MS Teams) and suggest how would you do it.

# pre-survey (what do the people know about the topic and what they want to learn - can be done either well ahead in writing or orally before the event, but should be documented)
# training description and syllabus
# training material (typically, presentation slides)
# some photos of the training event (showing that it actually happened)
# post-survey (what did the people learn and how did they evaluate the training)

The materials listed above should be compressed to a single archive file (e.g. .zip) and sent to Kristjan (via e-mail, Teams or other channel - Google Drive, Dropbox etc) before presenting them in the seminar.

=== Alternative task 2 ===

Create two spread phishing scenarios:

# One dynamic, using a ChatGPT prompt to compose the phishing email. The prompt may include context such as the employee’s email address, job title, communication language, country of residence, company name, and industry. GPT has internet access and may use real supplementary information to compose the message. The email must be generated using a single-shot prompt.
# The second scenario is a static HTML email, where the same parameters can be used.
Email will be sent out from existing Phishbite domain pool. Student can define which of the domains will be used.

For both templates, when presenting the template, explain why this particular phishing email might be effective. What factors is the phisher exploiting?

Based on the created scenarios, each phishing email will be sent to 50 randomly selected email addresses of Phishbite client employees.

Student will get overview of their Phishing emails performance based on the real user testing data.

They will also get additional feedback from Phishbite team. Top performers may get an offer for an internship with PhishBite.

To complete the task, email your scenarios to Urmo (cc: Kristjan) not later than '''march 10, 2026'''.

'''This task is limited to 20 students. Register below.'''
# Martten Tiitsma
# Dmitri Plotnikov
# Jan Albers
# Kamil Błasiak
# Andres Alexander Jürgenson
# Renee Žugov
# Kaisa Arge
# Juss Roderick Janson
# Idrees Muhammad
# Daniil Yussopov
# Yuliia Sidelnik
# Robert Kadak
# Vladislav Šahhov
# Danila Võssotski
# Kevin Woollard
# Ruslana Jankovska
# Ellen Marie Lasson
# Konstantin Tužikov
# Mykola Fernandes de Rives
# Ariz Azadli

=== The Seminars ===

Seminar 2: Thursday, March 12
* ...
* Daniel Slavoševski, Maksym Fedorov, Danila Karotam
* ...
* Tõnis Kändmaa

Seminar 3: Thursday, March 19
*
* Tomas Silva, Anna Sulkhanishvili, Toghrul Aghayev
* Alirza Zaidov, Mahammad Seyidzada, Onarbay Yusifov
* ...

Seminar 4: Thursday, March 26
* Erik Pihtje, Martten Tiitsma, Erik Rasmus Alt
* Ian Tuttle, Juri Bogdanov, Evgenia Gammer
* Henri Tõnnus, Isabel Zimmermann, Märten Pikkof
* RESERVED for Urmo to talk about the phishing simulation results.

Bonus Seminar 1: Tuesday, March 31 @ 12:00
* Mathias Siimon, Günther Miklas, Joosep Rehepapp
* Konstantin Tužikov, Ellen Marie Lasson, Ruslana Jankovska
* Ayaz Zeynalov, Kuzey Arda Bulut.
* Jekaterina Lugovets, Algirdas Mačenskis, Magnus

Bonus Seminar 2: Thursday, April 2 @ 12:00
* your_names_here
* Idrees, M
* Ariz Azadli
* your_names_here

[[Social Engineering | Back to the course page]]

ICS0018 Hands-on seminars

2026-03-19T10:57:28Z

Almace:

=== The idea ===

The hands-on seminars are a task for '''teams of three''' (initially based on Kristjan's ScamLab materials). The goal is to learn about different scams in a safe(ish) but real environment. A little side quest is to waste scammers' time so that they can't use it on actual victims.
A successful presentation will result in passing the course if the attendance criteria (5 out of 8 lectures and seminars) is met. To register a presentation, '''please team up and register below''', in your chosen time slot. '''There are limited presentation slots - first come, first served!''' (note: as people sign up, we will probably have to cram as many presentations as possible into each seminar - but the space is not infinite, we will have more or less 90 minutes for each).

Note: this time, we went from paired work to 3-person teams due to the number of people in the course (the seminar time would not have been enough for pairs).

=== The Task ===

Step 1: Create a fake identity and honeypot email account for engaging with scammers. Other platforms are also welcome, as long as you are able to protect your identity.

Step 2: Distribute the email address on shady or spammy sites, such as social media, online forums, etc. Some tips can be found here https://www.quora.com/How-can-I-get-scam-emails

Step 3: Wait for the scams to start rolling in.

Step 4: Engage! First select if you're going to use a naïve or aggressive approach.

If you don't manage to get any scammers to directly email your newly created address, go look in your regular mailbox, in the spam folder, ask friends & family, etc. NB! Before replying to any of those "crowdsourced" scam emails from your fake account, be sure to delete the address it was originally sent to.

Some tips for safety:
# Never reveal your (or anyone else's) real personal information to the scammers. Make up something realistic.
# Never open any links in emails unless you're in a protected sandbox environment.
# NEVER give out any real financial information, account information, or passwords.
# Always use Multi-Factor Authentication (MFA). Even on your fake accounts.

Here's the grand prize: if you manage to engage with at least 3 scammers for a message chain of 5 or more (they respond to at least 2 of your messages in the same thread), and present your findings (these should include the social engineering methods and psychological principles used by the scammers and yourself) at one of the seminars, '''you pass the course'''. It's not as easy as it might first seem.

=== Alternative task ===

An alternative way to pass is to educate people in your social network, friends, family, coworkers, etc about scams, how to spot them, how to avoid them, what to do if you're already a victim. If you want to use this option, please contact Kaido (over e-mail or MS Teams) and suggest how would you do it.

# pre-survey (what do the people know about the topic and what they want to learn - can be done either well ahead in writing or orally before the event, but should be documented)
# training description and syllabus
# training material (typically, presentation slides)
# some photos of the training event (showing that it actually happened)
# post-survey (what did the people learn and how did they evaluate the training)

The materials listed above should be compressed to a single archive file (e.g. .zip) and sent to Kristjan (via e-mail, Teams or other channel - Google Drive, Dropbox etc) before presenting them in the seminar.

=== Alternative task 2 ===

Create two spread phishing scenarios:

# One dynamic, using a ChatGPT prompt to compose the phishing email. The prompt may include context such as the employee’s email address, job title, communication language, country of residence, company name, and industry. GPT has internet access and may use real supplementary information to compose the message. The email must be generated using a single-shot prompt.
# The second scenario is a static HTML email, where the same parameters can be used.
Email will be sent out from existing Phishbite domain pool. Student can define which of the domains will be used.

For both templates, when presenting the template, explain why this particular phishing email might be effective. What factors is the phisher exploiting?

Based on the created scenarios, each phishing email will be sent to 50 randomly selected email addresses of Phishbite client employees.

Student will get overview of their Phishing emails performance based on the real user testing data.

They will also get additional feedback from Phishbite team. Top performers may get an offer for an internship with PhishBite.

To complete the task, email your scenarios to Urmo (cc: Kristjan) not later than '''march 10, 2026'''.

'''This task is limited to 20 students. Register below.'''
# Martten Tiitsma
# Dmitri Plotnikov
# Jan Albers
# Kamil Błasiak
# Andres Alexander Jürgenson
# Renee Žugov
# Kaisa Arge
# Juss Roderick Janson
# Idrees Muhammad
# Daniil Yussopov
# Yuliia Sidelnik
# Robert Kadak
# Vladislav Šahhov
# Danila Võssotski
# Kevin Woollard
# Ruslana Jankovska
# Ellen Marie Lasson
# Konstantin Tužikov
# Mykola Fernandes de Rives
# your_name_here

=== The Seminars ===

Seminar 2: Thursday, March 12
* ...
* Daniel Slavoševski, Maksym Fedorov, Danila Karotam
* ...
* Tõnis Kändmaa

Seminar 3: Thursday, March 19
* Idrees M
* Tomas Silva, Anna Sulkhanishvili, Toghrul Aghayev
* Alirza Zaidov, Mahammad Seyidzada, Onarbay Yusifov
* ...

Seminar 4: Thursday, March 26
* Erik Pihtje, Martten Tiitsma, Erik Rasmus Alt
* Ian Tuttle, Juri Bogdanov, Evgenia Gammer
* Henri Tõnnus, Isabel Zimmermann, Märten Pikkof
* RESERVED for Urmo to talk about the phishing simulation results.

Bonus Seminar 1: Tuesday, March 31 @ 12:00
* Mathias Siimon, Günther Miklas, Joosep Rehepapp
* Konstantin Tužikov, Ellen Marie Lasson, Ruslana Jankovska
* Ayaz Zeynalov, Kuzey Arda Bulut.
* Jekaterina Lugovets, Liisa-Maria Laide, Magnus

Bonus Seminar 2: Thursday, April 2 @ 12:00
* Algirdas Mačenskis,
* your_names_here
* your_names_here
* your_names_here

[[Social Engineering | Back to the course page]]

Exam schedule

2024-12-25T23:43:22Z

Almace:

NB! Make sure you're registered for the exam in ÕIS!

# DEC 27 8:00-8:55
#* Rivo Lipp
#* Oleksii Kolomoiets
#* Hanna-Marii Kaljas
#* Feodor Djatlov
#* your_name_here
# DEC 27 9:00-9:55
#* Günther Miklas
#* Onarbay Yusifov
#* Ayaz Zeynalov
#* Alirza Zaidov
#* Juss Roderick Janson
# DEC 27 10:00-10:55
#* Nizami Hasanov
#* Maksym Fedorov
#* Zhiyun Wang
#* Pavel Kirillov
#* your_name_here
# DEC 27 11:00-11:55
#* Maivo Sirelbu
#* your_name_here
#* Patrik Tamm
#* Mathias Siimon
#* your_name_here
# DEC 27 12:35-12:55
#* your_name_here
#* Harald Paquay
# DEC 27 13:00-13:55
#* Cebanu Dan
#* your_name_here
#* Illia Shved
#* Liisa-Maria Laide
#* your_name_here
# DEC 27 14:00-14:55
#* Nikoloz Chichinadze
#* your_name_here
#* Danila Vysotski
#* Deborah Allan Chapkovski
#* your_name_here
# DEC 27 15:00-15:55
#* Magnus Jaaska
#* Erik Pihtje
#* Evgenia Gammer
#* Danila Sisov
#* your_name_here
# DEC 27 16:00-16:55
#* Kamil Błasiak
#* Ksawery Nowina-Witkowski
#* Maxim Borodin
#* Mahammad Seyidzada
#* Thomas Dourgarian

DEC 30 8:00-10:00
#* Timofei Dashkevich
#* Algirdas Mačenskis
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here

JAN 2 17:00-20:00
#* Katrin Barth
#* Fabienne Golle
#* Ilja Priimak
#* Karl Viiburg
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here

[[SPEAIT|Back to the main course page]]

Group 1 seminar schedule

2024-12-10T17:54:01Z

Almace:

# OCT 31 [https://livettu.sharepoint.com/:v:/r/sites/SPEAITICS0006-Autumn2024/Shared%20Documents/Seminars/Recordings/SPEAIT%20seminar%20Oct%2031%202024-20241031_081703-Meeting%20Recording.mp4?csf=1&web=1&e=azS2x2&nav=eyJyZWZlcnJhbEluZm8iOnsicmVmZXJyYWxBcHAiOiJTdHJlYW1XZWJBcHAiLCJyZWZlcnJhbFZpZXciOiJTaGFyZURpYWxvZy1MaW5rIiwicmVmZXJyYWxBcHBQbGF0Zm9ybSI6IldlYiIsInJlZmVycmFsTW9kZSI6InZpZXcifX0%3D Recording]
#* Mattia Marchese (The "viral" aspects of the General Public License)
#* Rivo Lipp - Ethics of Digital Legacy
#* Denys Boiko, Cryptocurrency and Cybersecurity: Protecting Digital Assets in a Decentralized World
#* your_name_here
#* Thomas Dourgarian - Retail investment boom
# NOV 7 [https://livettu.sharepoint.com/sites/SPEAITICS0006-Autumn2024/Shared%20Documents/Seminars/Recordings/SPEAIT%20seminar%20Nov%207%202024%20(Group%201)-20241107_081558-Meeting%20Recording.mp4?web=1&referrer=Teams.TEAMS-ELECTRON&referrerScenario=MeetingChicletGetLink.view Recording]
#* Magnus Jaaska Public (Key Infrastructure and Estonian eID)
#* Oleksii Kolomoiets (security in GPS system)
#* Timofei Dashkevich (Ethics of smart cars)
#* Feodor Djatlov (Ethics of Cyber Warfare and its relation to International Law)
#* Evgenia Gammer (Digital Addiction and Technology Companies' Responsibility)
# NOV 14 [https://livettu.sharepoint.com/sites/SPEAITICS0006-Autumn2024/Shared%20Documents/Seminars/Recordings/SPEAIT%20seminar%20Nov%2014%202024%20(Group%201)-20241114_082053-Meeting%20Recording.mp4?web=1&referrer=Teams.TEAMS-ELECTRON&referrerScenario=MeetingChicletGetLink.view Recording]
#* Danila Karotam (Psychological Aspects of Phishing: How Cybercriminals Exploit Cognitive Biases)
#* Kamil Błasiak (Digital surveillance)
#* Juss Roderick Janson (The Rise of Esports)
#* Deborah Allan Chapkovski (Digital Footprint)
#* Mahammad Sevidzada - Ethical Implications of Red Teaming in Cybersecurity
# NOV 21 [https://livettu.sharepoint.com/sites/SPEAITICS0006-Autumn2024/Shared%20Documents/Seminars/Recordings/SPEAIT%20seminar%20Nov%2021%202024%20(Group%201)-20241121_081552-Meeting%20Recording.mp4?web=1&referrer=Teams.TEAMS-ELECTRON&referrerScenario=MeetingChicletGetLink.view Recording]
#* Maxim Borodin, Biometrical authentification
#* Danila Sisov - 5G Security
#* (2nd)Denys Boiko, Dark Web: is it really just a threat?
#* Günther Miklas - The Hidden Costs of Software Piracy
#* Alirza Zaidov (Online Communication and its Psychological Impacts on Society)
# NOV 28 [https://livettu.sharepoint.com/sites/SPEAITICS0006-Autumn2024/Shared%20Documents/Seminars/Recordings/SPEAIT%20seminar%20Nov%2028%202024%20(Group%201)-20241128_081511-Meeting%20Recording.mp4?web=1&referrer=Teams.TEAMS-ELECTRON&referrerScenario=MeetingChicletGetLink.view Recording]
#* Alex Petritch (Steganography)
#* Karl Kiilaspää (IoT Devices and their problems)
#* Mathias Siimon - Crypto War 1990-2000
#* Hanna-Marii Kaljas (AI in Education: Transforming How We Teach and Learn)
#* Ayaz Zeynalov (Ethical Challenges of AI in Decision-Making)
# DEC 5
#* Nizami Hasanov (Cloud Computing & Services)
#* Onarbay Yusifov - Digital Censorship
#* Jekaterina Lugovets
#* Oskar Lillerand
#* Joosep Rehepapp
# DEC 12
#* Algirdas Mačenskis; The evolution of first person shooter games
#* Katrin Barth; Ethical and social implications of Data privacy in the digital age
#* Andrei Sarantsin: NFT-do we need them?
#* Gregor Lass
#* Robert Kadak
# DEC 19
#* Armin Schütz
#* Ayaz Zeynalov(2nd)Ethical Aspects of Implementing VR/AR in Education
#* Pavel Kirillov
#* (2nd) Alex Petritch
#* (2nd) German Ritt
[[SPEAIT|Back to the main course page]]

Group 1 seminar schedule

2024-09-22T20:29:23Z

Almace:

LINK TO RECORDINGS (will be published when seminars start)

# OCT 31:
#* Mattia Marchese (The "viral" aspects of the General Public License)
#* Rivo Lipp
#* Katrin Barth; Ethical and social implications of Data privacy in the digital age
#* Gregor Lass
#* Thomas Dourgarian
# NOV 7
#* Magnus Jaaska
#* Oleksii Kolomoiets
#* Timofei Dashkevich
#* Feodor Djatlov
#* Evgenia Gammer
# NOV 14
#* Deborah Allan Chapkovski
#* Kamil Błasiak
#* Mahammad Seyidzada
#* Danila Karotam
#* Juss Roderick Janson
# NOV 21
#* Maxim Borodin
#* Danila Sisov
#* Denys Boiko
#* Günther Miklas
#* Alirza Zaidov
# NOV 28
#* Alex Petritch
#* Karl Kiilaspää
#* Mathias Siimon
#* Hanna-Marii Kaljas
#* Ayaz Zeynalov
# DEC 5
#* Nizami Hasanov
#* Onarbay Yusifov
#* Jekaterina Lugovets
#* Oskar Lillerand
#* Joosep Rehepapp
# DEC 12
#* Algirdas Mačenskis
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here
# DEC 19
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here

[[SPEAIT|Back to the main course page]]