Recognize Online Entrapment and Other Scams by Learning How to Launch Your Own Phishing Attack Website

This workshop is a combination “attack/defense” exercise focusing on Web-based social engineering attacks. Participants will practice both how to launch their own attacks as well as how to defend against them.

Even if your online accounts are bulletproof, you can still get caught out by a “phishing” attack that steals your private data, like your username and password. In fact, from corporate espionage to police entrapment, most cyberattacks don’t start with sophisticated software exploits, but rather by employing relatively simple tricks. These tricks are called “phishing” attacks because, much like baiting a lure, they won’t work unless you bite. However, many people do get caught up by them.

In 2019, ninety percent (90%!) of reported data breaches began with a simple phishing scam. Today, one and a half million new phishing websites are launched every month. Some are dragnets, while others are “watering hole” or even “spear phishing” attacks designed to target a specific demographic or even one individual high-value target (HVT). Thankfully, it’s easy to spot—and even to perform—these tricks if you have the right guidance.

In this hands-on digital workshop presented in collaboration with the radical queer and femme Tech Learning Collective, you will have the opportunity to create and deploy your own phishing Web site that can steal usernames and passwords from unsuspecting victims. By learning how attackers including law enforcement officers (LEOs) build pixel-perfect replicas of familiar sites like the Facebook login screen, you will also gain the skills you need to more quickly recognize the signs of a malicious web site, email, or other online scam.