ICS0018 Hands-on seminars: Difference between revisions
No edit summary |
Kaido.kikkas (talk | contribs) |
||
| (119 intermediate revisions by 53 users not shown) | |||
| Line 1: | Line 1: | ||
=== The idea === | === The idea === | ||
The hands-on seminars are based on ScamLab materials. The goal is to learn about different scams in a safe(ish) but real environment. A little side quest is to waste scammers' time so that they can't use it on actual victims. | The hands-on seminars are a task for '''teams of three''' (initially based on Kristjan Karmo's ScamLab materials). The goal is to learn about different scams in a safe(ish) but real environment. A little side quest is to waste scammers' time so that they can't use it on actual victims. | ||
A successful presentation will result in passing the course if the attendance criteria ( | A successful presentation will result in passing the course if the attendance criteria (5 out of 8 lectures and seminars) is met. To register a presentation, '''please team up and register below''', in your chosen time slot. '''There are limited presentation slots - first come, first served!''' (note: as people sign up, we will probably have to cram as many presentations as possible into each seminar - but the space is not infinite, we will have more or less 90 minutes for each). | ||
Note: this time, we went from paired work to 3-person teams due to the number of people in the course (the seminar time would not have been enough for pairs). | |||
=== The Task === | === The Task === | ||
| Line 25: | Line 26: | ||
Here's the grand prize: if you manage to engage with at least 3 scammers for an email chain of 5 messages or more (they respond to at least 2 of your letters in the same thread), and present your findings at one of the seminars, '''you pass the course'''. It's not as easy as it might first seem. | Here's the grand prize: if you manage to engage with at least 3 scammers for an email chain of 5 messages or more (they respond to at least 2 of your letters in the same thread), and present your findings at one of the seminars, '''you pass the course'''. It's not as easy as it might first seem. | ||
An alternative way to pass is to educate people in your social network, friends, family, coworkers, etc about scams, how to spot them, how to avoid them, what to do if you're already a victim. | An alternative way to pass is to educate people in your social network, friends, family, coworkers, etc about scams, how to spot them, how to avoid them, what to do if you're already a victim. If you want to use this option, please contact Kaido (over e-mail or MS Teams) and suggest how would you do it. | ||
=== The Seminars === | === The Seminars === | ||
The hands-on seminars will have the following schedule: | |||
* Thursday, March 6 at noon (12:00) | |||
** Ksawery Nowina-Witkowski, Nikoloz Chichinadze, Ionut-Cristian Sindile ✓ | |||
** Stiven Lille, Innar Viinamäe, Georg Lee ✓ | |||
** Liam Ivanko Kivirist, Pavlo Kolesov, Julian Gressmann ✓ | |||
** Mark-Henry Jakobsoo, Madis Randmäe, Eliina Gorobets ✓ | |||
* Thursday, March 13 at noon (12:00) | |||
** Valerija Kuzina, Vassili Korobov, Andrei Timoshin ✓ | |||
** Fuad Suleymanov, Aydin Cankat, Andrei Mironov ✓ | |||
** Nikita Šabunin, Artem Skurchynskyi, Maksim Balašov ✓ | |||
** Maksim Segen, Anton Belošapkin, Maksim Tsõpov ✓ | |||
** Grete-Lilijane Küppas, Felix Hohenadel ✓ | |||
* Thursday, March 20 at noon (12:00) | |||
** Kaspar Sibul, Matīss Ceriņš, Liyanage Don Sithil Insara Liyanage | |||
** Marat Biryukov, Maria Aleksandra Ploduhhina, Kirill Ševtsov | |||
** David Ayson, Angelica Daisi Stewart, Tekla Berozashvili | |||
** Rassell Muru, Ivan Kuznetsov, Andrei Šutkov | |||
** Tanel Maasik, Gabriel Jääger, Eric Richard Kogerman | |||
* Thursday, March 27 at noon (12:00) | |||
** Deniss Pavlov, Diana Anastassija Turks, Pavel Shemetov | |||
** Dulan Damien Candauda Arachchiege, Balazs Lambert | |||
** Gregor Lass, Constantin Dierscheke, Gergely Benkő | |||
** Oleh Rohachov, Andrii Korol, Manana Bebia | |||
** Vusal Sayadov, Jeyhun Mustafayev, Salim Akbarov | |||
[[Social Engineering | Back to the course page]] | [[Social Engineering | Back to the course page]] | ||
Latest revision as of 13:41, 13 March 2025
The idea
The hands-on seminars are a task for teams of three (initially based on Kristjan Karmo's ScamLab materials). The goal is to learn about different scams in a safe(ish) but real environment. A little side quest is to waste scammers' time so that they can't use it on actual victims. A successful presentation will result in passing the course if the attendance criteria (5 out of 8 lectures and seminars) is met. To register a presentation, please team up and register below, in your chosen time slot. There are limited presentation slots - first come, first served! (note: as people sign up, we will probably have to cram as many presentations as possible into each seminar - but the space is not infinite, we will have more or less 90 minutes for each).
Note: this time, we went from paired work to 3-person teams due to the number of people in the course (the seminar time would not have been enough for pairs).
The Task
Step 1: Create a fake identity and honeypot email account for engaging with scammers. Other platforms are also welcome, as long as you are able to protect your identity.
Step 2: Distribute the email address on shady or spammy sites, such as social media, online forums, etc. Some tips can be found here https://www.quora.com/How-can-I-get-scam-emails
Step 3: Wait for the scams to start rolling in.
Step 4: Engage! First select if you're going to use a naïve or aggressive approach.
If you don't manage to get any scammers to directly email your newly created address, go look in your regular mailbox, in the spam folder, ask friends & family, etc. NB! Before replying to any of those "crowdsourced" scam emails from your fake account, be sure to delete the address it was originally sent to.
Some tips for safety:
- Never reveal your (or anyone else's) real personal information to the scammers. Make up something realistic.
- Never open any links in emails unless you're in a protected sandbox environment.
- NEVER give out any real financial information, account information, or passwords.
- Always use Multi-Factor Authentication (MFA). Even on your fake accounts.
Here's the grand prize: if you manage to engage with at least 3 scammers for an email chain of 5 messages or more (they respond to at least 2 of your letters in the same thread), and present your findings at one of the seminars, you pass the course. It's not as easy as it might first seem.
An alternative way to pass is to educate people in your social network, friends, family, coworkers, etc about scams, how to spot them, how to avoid them, what to do if you're already a victim. If you want to use this option, please contact Kaido (over e-mail or MS Teams) and suggest how would you do it.
The Seminars
The hands-on seminars will have the following schedule:
- Thursday, March 6 at noon (12:00)
- Ksawery Nowina-Witkowski, Nikoloz Chichinadze, Ionut-Cristian Sindile ✓
- Stiven Lille, Innar Viinamäe, Georg Lee ✓
- Liam Ivanko Kivirist, Pavlo Kolesov, Julian Gressmann ✓
- Mark-Henry Jakobsoo, Madis Randmäe, Eliina Gorobets ✓
- Thursday, March 13 at noon (12:00)
- Valerija Kuzina, Vassili Korobov, Andrei Timoshin ✓
- Fuad Suleymanov, Aydin Cankat, Andrei Mironov ✓
- Nikita Šabunin, Artem Skurchynskyi, Maksim Balašov ✓
- Maksim Segen, Anton Belošapkin, Maksim Tsõpov ✓
- Grete-Lilijane Küppas, Felix Hohenadel ✓
- Thursday, March 20 at noon (12:00)
- Kaspar Sibul, Matīss Ceriņš, Liyanage Don Sithil Insara Liyanage
- Marat Biryukov, Maria Aleksandra Ploduhhina, Kirill Ševtsov
- David Ayson, Angelica Daisi Stewart, Tekla Berozashvili
- Rassell Muru, Ivan Kuznetsov, Andrei Šutkov
- Tanel Maasik, Gabriel Jääger, Eric Richard Kogerman
- Thursday, March 27 at noon (12:00)
- Deniss Pavlov, Diana Anastassija Turks, Pavel Shemetov
- Dulan Damien Candauda Arachchiege, Balazs Lambert
- Gregor Lass, Constantin Dierscheke, Gergely Benkő
- Oleh Rohachov, Andrii Korol, Manana Bebia
- Vusal Sayadov, Jeyhun Mustafayev, Salim Akbarov
