Cybersecurity Story

From Think Outside the Circle
Revision as of 14:55, 28 April 2021 by Dginter (talk | contribs) (progress update)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Scenario 1

A high school senior, Mitt, just finishes watching Network Chuck's episode on how scary easy it is to create a phishing attack. So he takes a half hour, builds the phishing web site designed to steal his "friends" credentials. Knowing that he and his friends have just had an assignment to create a profile page on LinkedIn, Mitt's phishing website "looks" like linkedin's login page, gather's the creadentials and then redirects to linkedIn.com, Using the Social Engineering Toolkit, Mitt crafts a phishing email that looks like it comes from LinkedIn using their logo and an email address that "looks like" its linked1n, asking the user to "fix" an error in their profile. Mitt sends the email to his friends AND the teacher from his home computer.

The next day at school, Mitt looks at the credential harvester results and is amazed to find that 50% of the class AND his teacher have "logged in" to LinkedIn and he has their usernames and passwords. Mitt's first thought is to go to linkedin using his "friends" credential and alter their lnkedin profile to either embarrass them or cause them to flunk the assignment, but then the "lightbulb" comes on for Mitt that he now has his teacher password and perhaps they "reuse" their password

Resources

Phishing attacks are Scary Easy to do! https://www.youtube.com/watch?v=u9dBGWVwMMA

Generate Phishing Domains Easily with Dnstwist [Tutorial]: https://www.youtube.com/watch?v=ne8SPEoDe8o

Retrieved from "https://www.thinkoutsidethecircle.net/mediawiki/index.php?title=Cybersecurity_Story&oldid=10"