ICO wiki - User contributions [en]

ICS0018 Hands-on seminars

2026-03-02T18:26:59Z

Ruslaj:

=== The idea ===

The hands-on seminars are a task for '''teams of three''' (initially based on Kristjan's ScamLab materials). The goal is to learn about different scams in a safe(ish) but real environment. A little side quest is to waste scammers' time so that they can't use it on actual victims.
A successful presentation will result in passing the course if the attendance criteria (5 out of 8 lectures and seminars) is met. To register a presentation, '''please team up and register below''', in your chosen time slot. '''There are limited presentation slots - first come, first served!''' (note: as people sign up, we will probably have to cram as many presentations as possible into each seminar - but the space is not infinite, we will have more or less 90 minutes for each).

Note: this time, we went from paired work to 3-person teams due to the number of people in the course (the seminar time would not have been enough for pairs).

=== The Task ===

Step 1: Create a fake identity and honeypot email account for engaging with scammers. Other platforms are also welcome, as long as you are able to protect your identity.

Step 2: Distribute the email address on shady or spammy sites, such as social media, online forums, etc. Some tips can be found here https://www.quora.com/How-can-I-get-scam-emails

Step 3: Wait for the scams to start rolling in.

Step 4: Engage! First select if you're going to use a naïve or aggressive approach.

If you don't manage to get any scammers to directly email your newly created address, go look in your regular mailbox, in the spam folder, ask friends & family, etc. NB! Before replying to any of those "crowdsourced" scam emails from your fake account, be sure to delete the address it was originally sent to.

Some tips for safety:
# Never reveal your (or anyone else's) real personal information to the scammers. Make up something realistic.
# Never open any links in emails unless you're in a protected sandbox environment.
# NEVER give out any real financial information, account information, or passwords.
# Always use Multi-Factor Authentication (MFA). Even on your fake accounts.

Here's the grand prize: if you manage to engage with at least 3 scammers for a message chain of 5 or more (they respond to at least 2 of your messages in the same thread), and present your findings at one of the seminars, '''you pass the course'''. It's not as easy as it might first seem.

=== Alternative task ===

An alternative way to pass is to educate people in your social network, friends, family, coworkers, etc about scams, how to spot them, how to avoid them, what to do if you're already a victim. If you want to use this option, please contact Kaido (over e-mail or MS Teams) and suggest how would you do it.

# pre-survey (what do the people know about the topic and what they want to learn - can be done either well ahead in writing or orally before the event, but should be documented)
# training description and syllabus
# training material (typically, presentation slides)
# some photos of the training event (showing that it actually happened)
# post-survey (what did the people learn and how did they evaluate the training)

The materials listed above should be compressed to a single archive file (e.g. .zip) and sent to Kristjan (via e-mail, Teams or other channel - Google Drive, Dropbox etc) before presenting them in the seminar.

=== Alternative task 2 ===

Create two spread phishing scenarios:

# One dynamic, using a ChatGPT prompt to compose the phishing email. The prompt may include context such as the employee’s email address, job title, communication language, country of residence, company name, and industry. GPT has internet access and may use real supplementary information to compose the message. The email must be generated using a single-shot prompt.
# The second scenario is a static HTML email, where the same parameters can be used.
Email will be sent out from existing Phishbite domain pool. Student can define which of the domains will be used.

For both templates, when presenting the template, explain why this particular phishing email might be effective. What factors is the phisher exploiting?

Based on the created scenarios, each phishing email will be sent to 50 randomly selected email addresses of Phishbite client employees.

Student will get overview of their Phishing emails performance based on the real user testing data.

They will also get additional feedback from Phishbite team. Top performers may get an offer for an internship with PhishBite.

To complete the task, email your scenarios to Urmo (cc: Kristjan) not later than '''march 10, 2026'''.

'''This task is limited to 20 students. Register below.'''
# Martten Tiitsma
# Dmitri Plotnikov
# Jan Albers
# Kamil Błasiak
# Andres Alexander Jürgenson
# Renee Žugov
# Kaisa Arge
# Juss Roderick Janson
# Idrees Muhammad
# Daniil Yussopov
# Yuliia Sidelnik
# Robert Kadak
# Vladislav Šahhov
# Danila Võssotski
# Kevin Woollard
# Ruslana Jankovska
# Ellen Marie Lasson
# Konstantin Tužikov
# your_name_here
# your_name_here

=== The Seminars ===

Seminar 2: Thursday, March 12
* ...
* Daniel Slavoševski, Maksym Fedorov, Danila Karotam
* Ayaz Zeynalov, Kuzey Arda Bulut.
* Tõnis Kändmaa

Seminar 3: Thursday, March 19
* Idrees M, Yuliia Sidelnik, Kevin Woollard
* Tomas Silva, Anna Sulkhanishvili, Toghrul Aghayev
* Alirza Zaidov, Mahammad Seyidzada, Onarbay Yusifov
* Liisa-Maria Laide, Magnus Jaaska, Jekaterina Lugovets

Seminar 4: Thursday, March 26
* Erik Pihtje, Martten Tiitsma, Erik Rasmus Alt
*
* Henri Tõnnus, Isabel Zimmermann, Märten Pikkof
* RESERVED for Urmo to talk about the phishing simulation results.

Bonus Seminar: TBD
* ...
* ...
* ...
* ...

[[Social Engineering | Back to the course page]]

ICS0018 Hands-on seminars

2026-03-02T18:20:48Z

Ruslaj:

=== The idea ===

The hands-on seminars are a task for '''teams of three''' (initially based on Kristjan's ScamLab materials). The goal is to learn about different scams in a safe(ish) but real environment. A little side quest is to waste scammers' time so that they can't use it on actual victims.
A successful presentation will result in passing the course if the attendance criteria (5 out of 8 lectures and seminars) is met. To register a presentation, '''please team up and register below''', in your chosen time slot. '''There are limited presentation slots - first come, first served!''' (note: as people sign up, we will probably have to cram as many presentations as possible into each seminar - but the space is not infinite, we will have more or less 90 minutes for each).

Note: this time, we went from paired work to 3-person teams due to the number of people in the course (the seminar time would not have been enough for pairs).

=== The Task ===

Step 1: Create a fake identity and honeypot email account for engaging with scammers. Other platforms are also welcome, as long as you are able to protect your identity.

Step 2: Distribute the email address on shady or spammy sites, such as social media, online forums, etc. Some tips can be found here https://www.quora.com/How-can-I-get-scam-emails

Step 3: Wait for the scams to start rolling in.

Step 4: Engage! First select if you're going to use a naïve or aggressive approach.

If you don't manage to get any scammers to directly email your newly created address, go look in your regular mailbox, in the spam folder, ask friends & family, etc. NB! Before replying to any of those "crowdsourced" scam emails from your fake account, be sure to delete the address it was originally sent to.

Some tips for safety:
# Never reveal your (or anyone else's) real personal information to the scammers. Make up something realistic.
# Never open any links in emails unless you're in a protected sandbox environment.
# NEVER give out any real financial information, account information, or passwords.
# Always use Multi-Factor Authentication (MFA). Even on your fake accounts.

Here's the grand prize: if you manage to engage with at least 3 scammers for a message chain of 5 or more (they respond to at least 2 of your messages in the same thread), and present your findings at one of the seminars, '''you pass the course'''. It's not as easy as it might first seem.

=== Alternative task ===

An alternative way to pass is to educate people in your social network, friends, family, coworkers, etc about scams, how to spot them, how to avoid them, what to do if you're already a victim. If you want to use this option, please contact Kaido (over e-mail or MS Teams) and suggest how would you do it.

# pre-survey (what do the people know about the topic and what they want to learn - can be done either well ahead in writing or orally before the event, but should be documented)
# training description and syllabus
# training material (typically, presentation slides)
# some photos of the training event (showing that it actually happened)
# post-survey (what did the people learn and how did they evaluate the training)

The materials listed above should be compressed to a single archive file (e.g. .zip) and sent to Kristjan (via e-mail, Teams or other channel - Google Drive, Dropbox etc) before presenting them in the seminar.

=== Alternative task 2 ===

Create two spread phishing scenarios:

# One dynamic, using a ChatGPT prompt to compose the phishing email. The prompt may include context such as the employee’s email address, job title, communication language, country of residence, company name, and industry. GPT has internet access and may use real supplementary information to compose the message. The email must be generated using a single-shot prompt.
# The second scenario is a static HTML email, where the same parameters can be used.
Email will be sent out from existing Phishbite domain pool. Student can define which of the domains will be used.

For both templates, when presenting the template, explain why this particular phishing email might be effective. What factors is the phisher exploiting?

Based on the created scenarios, each phishing email will be sent to 50 randomly selected email addresses of Phishbite client employees.

Student will get overview of their Phishing emails performance based on the real user testing data.

They will also get additional feedback from Phishbite team. Top performers may get an offer for an internship with PhishBite.

To complete the task, email your scenarios to Urmo (cc: Kristjan) not later than '''march 10, 2026'''.

'''This task is limited to 20 students. Register below.'''
# Martten Tiitsma
# Dmitri Plotnikov
# Jan Albers
# Kamil Błasiak
# Andres Alexander Jürgenson
# Renee Žugov
# Kaisa Arge
# Juss Roderick Janson
# Idrees Muhammad
# Daniil Yussopov
# Yuliia Sidelnik
# Robert Kadak
# Vladislav Šahhov
# Danila Võssotski
# Kevin Woollard
# Ruslana Jankovska
# your_name_here
# your_name_here
# your_name_here
# your_name_here

=== The Seminars ===

Seminar 2: Thursday, March 12
* ...
* Daniel Slavoševski, Maksym Fedorov, Danila Karotam
* Ayaz Zeynalov, Kuzey Arda Bulut.
* Tõnis Kändmaa

Seminar 3: Thursday, March 19
* Idrees M, Yuliia Sidelnik, Kevin Woollard
* Tomas Silva, Anna Sulkhanishvili, Toghrul Aghayev
* Alirza Zaidov, Mahammad Seyidzada, Onarbay Yusifov
* Liisa-Maria Laide, Magnus Jaaska, Jekaterina Lugovets

Seminar 4: Thursday, March 26
* Erik Pihtje, Martten Tiitsma, Erik Rasmus Alt
*
* Henri Tõnnus, Isabel Zimmermann, Märten Pikkof
* RESERVED for Urmo to talk about the phishing simulation results.

Bonus Seminar: TBD
* ...
* ...
* ...
* ...

[[Social Engineering | Back to the course page]]

ICS0018 Hands-on seminars

2026-02-16T10:10:20Z

Ruslaj:

=== The idea ===

The hands-on seminars are a task for '''teams of three''' (initially based on Kristjan's ScamLab materials). The goal is to learn about different scams in a safe(ish) but real environment. A little side quest is to waste scammers' time so that they can't use it on actual victims.
A successful presentation will result in passing the course if the attendance criteria (5 out of 8 lectures and seminars) is met. To register a presentation, '''please team up and register below''', in your chosen time slot. '''There are limited presentation slots - first come, first served!''' (note: as people sign up, we will probably have to cram as many presentations as possible into each seminar - but the space is not infinite, we will have more or less 90 minutes for each).

Note: this time, we went from paired work to 3-person teams due to the number of people in the course (the seminar time would not have been enough for pairs).

=== The Task ===

Step 1: Create a fake identity and honeypot email account for engaging with scammers. Other platforms are also welcome, as long as you are able to protect your identity.

Step 2: Distribute the email address on shady or spammy sites, such as social media, online forums, etc. Some tips can be found here https://www.quora.com/How-can-I-get-scam-emails

Step 3: Wait for the scams to start rolling in.

Step 4: Engage! First select if you're going to use a naïve or aggressive approach.

If you don't manage to get any scammers to directly email your newly created address, go look in your regular mailbox, in the spam folder, ask friends & family, etc. NB! Before replying to any of those "crowdsourced" scam emails from your fake account, be sure to delete the address it was originally sent to.

Some tips for safety:
# Never reveal your (or anyone else's) real personal information to the scammers. Make up something realistic.
# Never open any links in emails unless you're in a protected sandbox environment.
# NEVER give out any real financial information, account information, or passwords.
# Always use Multi-Factor Authentication (MFA). Even on your fake accounts.

Here's the grand prize: if you manage to engage with at least 3 scammers for a message chain of 5 or more (they respond to at least 2 of your messages in the same thread), and present your findings at one of the seminars, '''you pass the course'''. It's not as easy as it might first seem.

=== Alternative task ===

An alternative way to pass is to educate people in your social network, friends, family, coworkers, etc about scams, how to spot them, how to avoid them, what to do if you're already a victim. If you want to use this option, please contact Kaido (over e-mail or MS Teams) and suggest how would you do it.

# pre-survey (what do the people know about the topic and what they want to learn - can be done either well ahead in writing or orally before the event, but should be documented)
# training description and syllabus
# training material (typically, presentation slides)
# some photos of the training event (showing that it actually happened)
# post-survey (what did the people learn and how did they evaluate the training)

The materials listed above should be compressed to a single archive file (e.g. .zip) and sent to Kristjan (via e-mail, Teams or other channel - Google Drive, Dropbox etc) before presenting them in the seminar.

=== Alternative task 2 ===

NB! Before choosing this task, discuss it with Kristjan on Teams.

Create two spread phishing scenarios:

# One dynamic, using a ChatGPT prompt to compose the phishing email. The prompt may include context such as the employee’s email address, job title, communication language, country of residence, company name, and industry. GPT has internet access and may use real supplementary information to compose the message. The email must be generated using a single-shot prompt.
# The second scenario is a static HTML email, where the same parameters can be used.
Email will be sent out from existing Phishbite domain pool. Student can define which of the domains will be used.

For both templates, when presenting the template, explain why this particular phishing email might be effective. What factors is the phisher exploiting?

Based on the created scenarios, each phishing email will be sent to 50 randomly selected email addresses of Phishbite client employees.

Student will get overview of their Phishing emails performance based on the real user testing data.

They will also get additional feedback from Phishbite team. Top performers may get an offer for an internship with PhishBite.

'''This task is limited to 20 students.'''

=== The Seminars ===

Seminar 1: Thursday, March 5
* Andres Alexander Jürgenson, Renee Žugov, Kaisa Arge
* ...
* ...
* ...

Seminar 2: Thursday, March 12
* ...
* ...
* Ayaz Zeynalov, Kuzey Arda Bulut.
* ...

Seminar 3: Thursday, March 19
* ...
* ...
* Alirza Zaidov, Mahammad Seyidzada, Onarbay Yusifov
* ...

Seminar 4: Thursday, March 26
* ...
* Ruslana Jankovska, Ellen Marie Lasson, Konstantin Tužikov
* ...
* ...

[[Social Engineering | Back to the course page]]

Exam schedule

2026-01-04T21:28:02Z

Ruslaj:

The schedule will be added here later during the course.

NB! Make sure you're registered for the exam in ÕIS!

# DEC 30 8:00-8:55
#* Stepan Denysenko
#* Ellen Marie Lasson
#* Remi Tammik
#* Emil Huseynzade
#* Austin Derck
# DEC 30 9:00-9:55
#* Daniel Kotov
#* Nikolai Kharkhan
#* Kirill Kotomtsev
#* Radions Laškovs
#* Remu Salminen
# DEC 30 10:00-10:55
#* Šarlote Stariņa
#* Renee Zugov
#* Midhat Shawl
#* Dumitru Ciobanu
#* Carolin Scholz
# DEC 30 11:00-11:55
#* Nikita Vinogradov
#* Rasmus Simson
#* Carl-Andero Tagamaa
#* Ka Ming Chan
#* Henrik Timmermann
# DEC 30 13:00-13:55
#* Mykhailo Bulakhov
#* your_name_here
#* Siim Marist
#* Marten Tihanov
#* Liviu Mereacre
# DEC 30 14:00-14:55
#* Andres Alexander Jürgenson
#* Märten Erik Loor
#* Oskar Märtin
#* Kaur Kantsik
#* Liisi Rüüsak
# DEC 30 15:00-15:55
#* your_name_here
#* Ivan Antipov
#* Jakob Luts
#* Valeri Kozlov
#* your_name_here
# DEC 30 16:00-16:55
#* Kuzey Arda Bulut
#* Manivald Umbjärv
#* Kaspars Kusiņš
#* Hulya Ayca Onerge
#* Tõnis Kändmaa

# JAN 5 8:00-8:55
#* Sander Eerik Vask
#* Yaroslav Yekasov
#* Luca Gluhhov
#* your_name_here
#* your_name_here
# JAN 5 9:00-9:55
#* Davyd Viniarskyi
#* Konstantin Tužikov
#* your_name_here
#* your_name_here
#* your_name_here
# JAN 5 10:00-10:55
#* Lorenz Ritsch
#* Erik-Kristian Einonpoika Kohtala
#* Sharif Khalilzade
#* Andreas Müller
#* Ruslana Jankovska
# JAN 5 11:00-11:55
#* Marta Meesak
#* Dmitri Plotnikov
#* Maksym Korchan
#* your_name_here
#* your_name_here
# JAN 5 13:00-13:55
#* your_name_here
#* Arseniy Savustyan
#* Virgo Teos
#* Justin Dakota Kincheloe
#* Aleksander Ader
# JAN 5 14:00-14:55
#* Daniel Sorokin
#* Markkus-Oliver Ollo
#* Hannes Erlich
#* your_name_here
#* your_name_here
# JAN 5 15:00-15:55
#* Nikolozi Khachiashvili
#* Menan Sali
#* Niki Sakvarelidze
#* your_name_here
#* your_name_here
# JAN 5 16:00-16:55
#* Mahir Mammadli
#* Aykhan Ahmad
#* Artoghrul Hasanli
#* Kermo Kolsar
#* your_name_here

[[SPEAIT|Back to the main course page]]

Exam schedule

2025-12-13T17:22:34Z

Ruslaj:

The schedule will be added here later during the course.

NB! Make sure you're registered for the exam in ÕIS!

# DEC 30 8:00-8:55
#* Dumitru Ciobanu
#* Danila Ivanov
#* Remi Tammik
#* Emil Huseynzade
#* Austin Derck
# DEC 30 9:00-9:55
#* Daniel Kotov
#* Nikolai Kharkhan
#* Kirill Kotomtsev
#* Radions Laškovs
#* Remu Salminen
# DEC 30 10:00-10:55
#* Šarlote Stariņa
#* Britten Remmelkoor
#* Midhat Shawl
#* your_name_here
#* Carolin Scholz
# DEC 30 11:00-11:55
#* Nikita Vinogradov
#* Rasmus Simson
#* your_name_here
#* your_name_here
#* your_name_here
# DEC 30 13:00-13:55
#* Mykhailo Bulakhov
#* Hulya Ayca Onerge
#* Siim Marist
#* Marten Tihanov
#* your_name_here
# DEC 30 14:00-14:55
#* Andres Alexander Jürgenson
#* Märten Erik Loor
#* Oskar Märtin
#* Kaur Kantsik
#* Liisi Rüüsak
# DEC 30 15:00-15:55
#* Chihpei Tsai
#* Ivan Antipov
#* your_name_here
#* your_name_here
#* Tõnis Kändmaa
# DEC 30 16:00-16:55
#* Renee Zugov
#* Manivald Umbjärv
#* Kaspars Kusiņš
#* your_name_here
#* your_name_here

# JAN 5 8:00-8:55
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here
# JAN 5 9:00-9:55
#* Davyd Viniarskyi
#* your_name_here
#* Ruslana Jankovska
#* your_name_here
#* your_name_here
# JAN 5 10:00-10:55
#* Lorenz Ritsch
#* Erik-Kristian Einonpoika Kohtala
#* your_name_here
#* your_name_here
#* your_name_here
# JAN 5 11:00-11:55
#* Marta Meesak
#* your_name_here
#* Maksym Korchan
#* your_name_here
#* your_name_here
# JAN 5 13:00-13:55
#* Menan Sali
#* Arseniy Savustyan
#* Virgo Teos
#* Justin Dakota Kincheloe
#* your_name_here
# JAN 5 14:00-14:55
#* Daniel Sorokin
#* Markkus-Oliver Ollo
#* your_name_here
#* your_name_here
#* your_name_here
# JAN 5 15:00-15:55
#* Nikolozi Khachiashvili
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here
# JAN 5 16:00-16:55
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here
#* your_name_here

[[SPEAIT|Back to the main course page]]

Group 2 seminar schedule

2025-10-13T09:05:47Z

Ruslaj:

# seminar, Oct 30
#* Gren Paut 243471IVSB: Adware
#* Laava Magdalena Vatsel
#* Maksim Didenko, 251958IVSB. Research keywords: network/dark information society, EU policymaking, IT professional landscape.
#* Remi Tammik. Dark Web impact on IT, society and ethics.
#* Bulakhov Mykhailo : Cybersecurity Volunteers in Wartime: Ethics of Civilian Cyber Defense
# seminar, Nov 6
#* Sander Eerik Vask Piracy from a ethical and moral point of view
#* Radions Laškovs
#* Hulya Ayca Onerge
#* Chihpei Tsai:From " Cyber Sovereignty" to "Sovereign AI” : National Autonomy Strategies in the Digital Era
#* Daniel Sorokin
# seminar, Nov 13
#* Manivald Umbjarv 243455IVSB: Child protection laws and age verification
#* Ciobanu Dumitru: Remote Access Tools (RATs) and its Trojans: Between Privacy Concerns and Professional Utility
#* Aleksander Ader
#* Carl-Andero Tagamaa
#* Maksym Korchan: "Antivirus or spyware? The privacy paradox of security software"
#* Sebastian Alberto Parra Pinto (Dark Patterns & Manipulative UX)
# seminar, Nov 13 10:00-10:30
#* YOUR_NAME_HERE
#* YOUR_NAME_HERE
#* YOUR_NAME_HERE
#* YOUR_NAME_HERE
#* YOUR_NAME_HERE
# seminar, Nov 20
#* Mehin Hajizada 252728IVSB
#* Lorenz Ritsch 255944IVSB: Ethical and Social Aspects of Autonomous Driving
#* Tunar Abaszada
#* José Joaquín Urquizo Sotomayor
#* Konstantin Tužikov
#* Huseyn Mirjavadov 256197IVSB: Facial Recognition and Ethics
# seminar, Nov 27
#* [2nd] Laava Magdalena Vatsel
#* Enes Kaan Seven
#* Erik-Kristian Einonpoika Kohtala
#* [2nd] Sharlotte Lim, 255974IVSB
#* Ulvi Balashov
# seminar, Nov 27 10:00-10:30
#* YOUR_NAME_HERE
#* YOUR_NAME_HERE
#* Kaspars Kusiņš
#* YOUR_NAME_HERE
#* YOUR_NAME_HERE
# seminar, Dec 4
#* Siim Marist
#* Kaan Metin: (Deepfake usage and its affects)
#* Orkhan Hajiyev
#* Artoghrul Hasanli
#* Konya Maximilian
#* Henrik Timmermann (2000s and 2010s Cyberattacks and cyberweapons)
# seminar, Dec 11
#* Mares Vassiljev
#* Menan Sali
#* Ka Ming Chan
#* Oghuz Mamiyev
#* Davyd Viniarskyi
# seminar, Dec 12 10:00-10:30
#* Nikita Vinogradov
#* Ruslana Jankovska
#* YOUR_NAME_HERE
#* YOUR_NAME_HERE
#* YOUR_NAME_HERE
# seminar, Dec 18
#* [2nd] Maksim Didenko, 251958IVSB. Socioethical impact of addictive algorithms; corporate social responsibility
#* [2nd] Sharlotte Lim., 255974IVSB
#* Mares Vassiljev[2nd]
#* Aykhan Alizada
#* Marten Tihanov - The Practicality and Limits of Digital Invisibility

[[SPEAIT|Back to the main course page]]