ICS0018 Hands-on seminars: Difference between revisions

From ICO wiki
Jump to navigationJump to search
Albahm (talk | contribs)
No edit summary
 
(65 intermediate revisions by 32 users not shown)
Line 1: Line 1:
* THE COURSE IS NOT ACTIVE AT THE MOMENT. THE NEXT RUN WILL LIKELY TAKE PLACE IN SPRING 2025. THE INFORMATION HERE IS FROM THE LAST RUN IN SPRING 2024.
=== The idea ===
=== The idea ===


The hands-on seminars are based on ScamLab materials. The goal is to learn about different scams in a safe(ish) but real environment. A little side quest is to waste scammers' time so that they can't use it on actual victims.  
The hands-on seminars are a pair task based on ScamLab materials. The goal is to learn about different scams in a safe(ish) but real environment. A little side quest is to waste scammers' time so that they can't use it on actual victims.  
A successful presentation will result in passing the course if the attendance criteria (6 out of 8 lectures and seminars) is met. To register a presentation, '''please send an e-mail to Kristjan''', stating the chosen time slot. '''There are limited presentation slots - first come, first served!'''
A successful presentation will result in passing the course if the attendance criteria (6 out of 8 lectures and seminars) is met. To register a presentation, '''please pair up and register below''', in your chosen time slot. '''There are limited presentation slots - first come, first served!'''
 


=== The Task ===
=== The Task ===
Line 18: Line 19:


Some tips for safety:
Some tips for safety:
# Never reveal your (or anyone else's) real presonal information to the scammers. Make up something realistic.
# Never reveal your (or anyone else's) real personal information to the scammers. Make up something realistic.
# Never open any links in emails unless you're in a protected sandbox environment.
# Never open any links in emails unless you're in a protected sandbox environment.
# NEVER give out any real financial information, account information, or passwords.
# NEVER give out any real financial information, account information, or passwords.
Line 29: Line 30:
=== The Seminars ===
=== The Seminars ===


# March 1:
The hands-on seminars will have the following schedule:
#* Homework discussion: fake identities, findings in honeypots
* ...
#* Petr Jelinek ✅
 
#* Phasha Davrishev ✅
#* Anton Višnevski, Denis Shadrin ✅
#* Vladyslava Shekula ✅
#* Ilya Nikolaev ✅
# March 8:
#* Scambaiting: aggressive approach
#* Helena Veebel ✅
#* Aleksandr Voronkov ✅
#* Maria Logberg ✅
#* Farid Azizov ✅
#* Rauf Gozal ✅
# March 15:
#* Scambaiting: naïve approach
#* Karmo Kütt ✅
#* Alejandro Ballesteros Perez ✅
#* Lorenzo Cavallini ✅
#* Sanan Mammadli ✅
#* Filip Tomeš ✅
# March 21 8:15:
#* Allen-Kristjan Päll ✅
#* Rashad Baghiyev ✅
#* Edvin Toome (no-show)
#* Maksim Gorozhanko (no-show)
#* Mark Samoilov ✅
#* Can Caglar ✅
#* Roman Krutsko ✅
# March 21 10:00:
#* Dmitri Trubetskoi ✅
#* Johannes Kodumäe ✅
#* Risto Remmel ✅
#* Bendeguz Koszticsak ✅
#* Semen Diev ✅
#* Kristina Maria Rasmussen + Abdiraxman Omar Mahmud Farah (no-show)
#* Aamos Lokuta* ✅
#* Yaroslav Bilobrov* ✅
# March 22:
#* Scam prevention, how to educate others
#* Nicoleta Petrea ✅
#* Hannes Kraavi (scambaiting, naïve approach) ✅
#* Talha Gesen ✅
#* Georgi Tarassov ✅
#* Daniil Lemberg ✅
#* Pavel Rotov ✅
#* Kristina Maria Rasmussen + Abdiraxman Omar Mahmud Farah ✅
# March 23 (CotW, if there's time):
#* Artyom Davydik
#* Edvin Toome
#* Maksim Gorozhanko


[[Social Engineering | Back to the course page]]
[[Social Engineering | Back to the course page]]

Latest revision as of 09:53, 17 June 2024

  • THE COURSE IS NOT ACTIVE AT THE MOMENT. THE NEXT RUN WILL LIKELY TAKE PLACE IN SPRING 2025. THE INFORMATION HERE IS FROM THE LAST RUN IN SPRING 2024.

The idea

The hands-on seminars are a pair task based on ScamLab materials. The goal is to learn about different scams in a safe(ish) but real environment. A little side quest is to waste scammers' time so that they can't use it on actual victims. A successful presentation will result in passing the course if the attendance criteria (6 out of 8 lectures and seminars) is met. To register a presentation, please pair up and register below, in your chosen time slot. There are limited presentation slots - first come, first served!

The Task

Step 1: Create a fake identity and honeypot email account for engaging with scammers. Other platforms are also welcome, as long as you are able to protect your identity.

Step 2: Distribute the email address on shady or spammy sites, such as social media, online forums, etc. Some tips can be found here https://www.quora.com/How-can-I-get-scam-emails

Step 3: Wait for the scams to start rolling in.

Step 4: Engage! First select if you're going to use a naïve or aggressive approach.

If you don't manage to get any scammers to directly email your newly created address, go look in your regular mailbox, in the spam folder, ask friends & family, etc. NB! Before replying to any of those "crowdsourced" scam emails from your fake account, be sure to delete the address it was originally sent to.

Some tips for safety:

  1. Never reveal your (or anyone else's) real personal information to the scammers. Make up something realistic.
  2. Never open any links in emails unless you're in a protected sandbox environment.
  3. NEVER give out any real financial information, account information, or passwords.
  4. Always use Multi-Factor Authentication (MFA). Even on your fake accounts.

Here's the grand prize: if you manage to engage with at least 3 scammers for an email chain of 5 messages or more (they respond to at least 2 of your letters in the same thread), and present your findings at one of the seminars, you pass the course. It's not as easy as it might first seem.

An alternative way to pass is to educate people in your social network, friends, family, coworkers, etc about scams, how to spot them, how to avoid them, what to do if you're already a victim.

The Seminars

The hands-on seminars will have the following schedule:

  • ...


Back to the course page