Phishing Awareness Lecture Notes

Introduction

• Rise of phishing attacks
• Importance of awareness around phishing
• Objective: Demonstrate how simple it is to create a phishing website

Overview of Phishing Process

1. Create a phishing site using an open-source tool called Black Eye.
2. Deliver the phishing site to the target (tricking them into visiting).
3. Collect compromising information once the target interacts with the site.

Step 1: Getting the Phishing Tool

• Search for Black Eye in the browser.
• Click on the official repository link to access download instructions.

Step 2: Creating the Phishing Website

• Use a simple command to create the phishing site.
• Black Eye offers a variety of websites to choose from.
• For demonstration, an Amazon phishing site (Index 34) is created.
• Process: Type the number 34, and within seconds, the website is generated.

Step 3: Checking the Phishing Website

• Open a browser and paste the generated link to view the phishing site.
• Comparison with the actual Amazon login page shows the phishing site is convincingly similar.

Step 4: Delivering the Phishing Website

• Common method: Sending the phishing link via email.
• Draft an email with an attractive tagline to encourage clicks (e.g., "Check here to validate your email address").

Step 5: Waiting for the Target

• Monitor the target's actions once they receive the email.
• If they click the link, they are redirected to the phishing site.
• Target enters credentials (e.g., email and password) thinking they are logging into Amazon.
• Outcome: Credentials are captured, and the target is redirected to the real Amazon site.

Key Takeaways

• Example demonstrates how easy it is to create phishing sites.
• Custom phishing sites for high-value targets, like banking, can also be created.
• Importance of vigilance and carefulness online.
• Final Note: The weakest link in cybersecurity is often human behavior.