ICS0018 Hands-on seminars: Difference between revisions
Kaido.kikkas (talk | contribs) No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
=== The idea === | |||
The hands-on seminars are based on ScamLab materials. | |||
A successful presentation will result in passing the course if the attendance criteria (6 out of 8 lectures and seminars) is met. To register a presentation, please send an e-mail to Kaido, stating the chosen time and person to cover. '''There are only 8 presentations in total - first come, first served!''' Others would have to resort to other tasks to pass the course! | |||
=== The Task === | |||
Step 1: Create a fake identity and honeypot email account for engaging with scammers. | |||
Step 2: Distribute the email address on shady or spammy sites, such as social media, online forums, etc. Some tips can be found here https://www.quora.com/How-can-I-get-scam-emails | |||
Step 3: Wait for the scams to start rolling in. | |||
Step 4: Engage! First select if you're going to use a naïve or aggressive approach. | |||
If you don't manage to get any scammers to directly email your newly created address, go look in your regular mailbox, in the spam folder, ask friends & family, etc. NB! Before replying to any of those "crowdsourced" scam emails from your fake account, be sure to delete the address it was originally sent to. | |||
Some tips for safety: | |||
# Never reveal your (or anyone else's) real personal information to the scammers. Make up something realistic. | |||
# Never open any links in emails unless you're in a protected sandbox environment. | |||
# NEVER give out any real financial information, account information, or passwords. | |||
# Always use Multi-Factor Authentication (MFA). Even on your fake accounts. | |||
Here's the grand prize: if you manage to engage with at least 3 scammers for an email chain of 5 messages or more (they respond to at least 2 of your letters in the same thread), and present your findings at one of the seminars, *you pass the course*. It's not as easy as it might first seem. | |||
An alternative way to pass is to educate people in your social network, friends, family, coworkers, etc about scams, how to spot them, how to avoid them, what to do if you're already a victim. | |||
=== The Seminars === | |||
# March 1: | |||
#* Homework discussion: fake identities, findings in honeypots | |||
#* Presenter 1 | |||
#* Presenter 2 | |||
#* ... | |||
# March 8: | |||
#* Scambaiting: aggressive approach | |||
#* Presenter 1 | |||
#* Presenter 2 | |||
#* ... | |||
# March 15: | |||
#* Scambaiting: naïve approach | |||
#* Presenter 1 | |||
#* Presenter 2 | |||
#* ... | |||
# March 22: | |||
#* Scam prevention, how to educate others | |||
#* Presenter 1 | |||
#* Presenter 2 | |||
#* ... | |||
[[Social Engineering | Back to the course page]] | [[Social Engineering | Back to the course page]] |
Revision as of 21:27, 31 January 2023
The idea
The hands-on seminars are based on ScamLab materials. A successful presentation will result in passing the course if the attendance criteria (6 out of 8 lectures and seminars) is met. To register a presentation, please send an e-mail to Kaido, stating the chosen time and person to cover. There are only 8 presentations in total - first come, first served! Others would have to resort to other tasks to pass the course!
The Task
Step 1: Create a fake identity and honeypot email account for engaging with scammers.
Step 2: Distribute the email address on shady or spammy sites, such as social media, online forums, etc. Some tips can be found here https://www.quora.com/How-can-I-get-scam-emails
Step 3: Wait for the scams to start rolling in.
Step 4: Engage! First select if you're going to use a naïve or aggressive approach.
If you don't manage to get any scammers to directly email your newly created address, go look in your regular mailbox, in the spam folder, ask friends & family, etc. NB! Before replying to any of those "crowdsourced" scam emails from your fake account, be sure to delete the address it was originally sent to.
Some tips for safety:
- Never reveal your (or anyone else's) real personal information to the scammers. Make up something realistic.
- Never open any links in emails unless you're in a protected sandbox environment.
- NEVER give out any real financial information, account information, or passwords.
- Always use Multi-Factor Authentication (MFA). Even on your fake accounts.
Here's the grand prize: if you manage to engage with at least 3 scammers for an email chain of 5 messages or more (they respond to at least 2 of your letters in the same thread), and present your findings at one of the seminars, *you pass the course*. It's not as easy as it might first seem.
An alternative way to pass is to educate people in your social network, friends, family, coworkers, etc about scams, how to spot them, how to avoid them, what to do if you're already a victim.
The Seminars
- March 1:
- Homework discussion: fake identities, findings in honeypots
- Presenter 1
- Presenter 2
- ...
- March 8:
- Scambaiting: aggressive approach
- Presenter 1
- Presenter 2
- ...
- March 15:
- Scambaiting: naïve approach
- Presenter 1
- Presenter 2
- ...
- March 22:
- Scam prevention, how to educate others
- Presenter 1
- Presenter 2
- ...