1
00:00:00,820 --> 00:00:07,360
Welcome to the lecture about phishing. So let's start. Phishing is a fraudulent attempt to obtain sensitive
2
00:00:07,360 --> 00:00:10,150
information by impersonating a trustworthy entity.
3
00:00:10,750 --> 00:00:16,240
The sensitive information can range from usernames and passwords to credit card details or other
4
00:00:16,360 --> 00:00:17,530
confidential information.
5
00:00:18,160 --> 00:00:24,190
You probably received emails upon emails telling you that you have won some big prize in a contest you
6
00:00:24,190 --> 00:00:29,200
never enrolled in, or that you have to give some money to a Nigerian prince and that he will pay you back
7
00:00:29,200 --> 00:00:29,770
handsomely.
8
00:00:30,190 --> 00:00:32,470
These are just a couple of examples of phishing.
9
00:00:33,370 --> 00:00:37,360
Now that we know what phishing is, let's explore some techniques used for phishing.
10
00:00:37,810 --> 00:00:39,400
First, we have spear phishing.
11
00:00:39,610 --> 00:00:44,470
This type of phishing attack targets a specific person that was previously analyzed in detail.
12
00:00:44,710 --> 00:00:50,890
Whaling is a very similar attack that usually targets C-level executives, senior managers or people
13
00:00:50,890 --> 00:00:56,080
that have access to specific areas, such as, for example, people performing financial transactions.
14
00:00:56,340 --> 00:01:01,900
Another type of attack is catphishing, wherein a deceptive person creates a fictional online persona
15
00:01:02,200 --> 00:01:07,450
for the purpose of luring someone into a relationship with the intent of gaining access to confidential
16
00:01:07,450 --> 00:01:10,030
information and/or restricted resources.
17
00:01:11,430 --> 00:01:17,790
Next, we have clone phishing, which is a type of attack in which a previously delivered email that contains
18
00:01:17,790 --> 00:01:22,770
an attachment or a link is used to create a new, almost identical, malicious email.
19
00:01:23,630 --> 00:01:29,460
The attachment or link within the cloned email is replaced with a malicious version, and that email
20
00:01:29,480 --> 00:01:33,960
is sent from a spoofed email address to appear as if it was sent by the original sender.
21
00:01:34,550 --> 00:01:38,300
It may claim to be a recent or just an updated version of the original email.
22
00:01:38,900 --> 00:01:44,900
Usually this type of phishing requires that either the sender or the recipient was previously hacked
23
00:01:44,900 --> 00:01:50,080
so that the malicious third party can obtain the original version of the email. After clone phishing,
24
00:01:50,140 --> 00:01:51,710
we'll talk about angler phishing.
25
00:01:52,120 --> 00:01:56,650
This is a specific type of phishing attack that exists on social media.
26
00:01:57,110 --> 00:02:03,200
Cyber criminals create fake social media accounts that try to mimic accounts of companies. These fake
27
00:02:03,200 --> 00:02:06,170
accounts can emulate, for example, the customer support of a company.
28
00:02:06,690 --> 00:02:12,470
So, for example, when a customer would make a complaint about the service of the company, the fraudsters
29
00:02:12,710 --> 00:02:18,470
could try to redirect him to a malicious website or try to obtain his credentials to, for example,
30
00:02:18,470 --> 00:02:20,330
between quotes, solve the complaint.
31
00:02:21,400 --> 00:02:26,980
Last but not least, we have search engine phishing. This method is using malicious websites which are
32
00:02:26,980 --> 00:02:33,070
optimized for certain keywords so that they appear as one of the first results when searching for a
33
00:02:33,070 --> 00:02:39,310
particular keyword, such as, for example, online shop on search engines, such as, let's say, Google.
34
00:02:39,670 --> 00:02:44,950
The user, seeing the malicious website as one of the first results, might open the website.
35
00:02:44,950 --> 00:02:50,380
And fraudsters then might trick the user into giving confidential information such as credit card information
36
00:02:50,380 --> 00:02:51,140
or credentials.
37
00:02:51,820 --> 00:02:54,100
We've seen phishing types grouped by technique.
38
00:02:54,640 --> 00:02:58,270
Now let's have a look at different phishing types grouped by the medium used.
39
00:02:59,220 --> 00:03:05,580
First, the most common type of phishing is email phishing. You probably receive phishing emails almost
40
00:03:05,580 --> 00:03:06,040
every day.
41
00:03:06,210 --> 00:03:08,950
Another popular way is using fraudulent websites.
42
00:03:09,540 --> 00:03:13,030
Those websites try to trick their users into giving confidential information.
43
00:03:13,920 --> 00:03:17,730
The next type we'll talk about is evil twin. This phishing attack
44
00:03:17,730 --> 00:03:19,490
targets Wi-Fi access points.
45
00:03:20,430 --> 00:03:26,610
Basically, an evil twin is a fraudulent Wi-Fi access point that appears to be legitimate, but actually
46
00:03:26,610 --> 00:03:30,560
is used to eavesdrop on communication. Similar to other phishing types,
47
00:03:30,930 --> 00:03:37,080
it is used to obtain confidential information of users by either monitoring their connection or by luring
48
00:03:37,080 --> 00:03:38,370
them to fraudulent websites.
49
00:03:39,180 --> 00:03:45,120
Yet another type is voice phishing, which refers to phishing done via audio calls such as normal phone
50
00:03:45,120 --> 00:03:47,880
calls or WhatsApp, Skype or other calls.
51
00:03:48,570 --> 00:03:52,380
The last type that we'll discuss today is smishing. Smishing, or SMS
52
00:03:52,380 --> 00:03:58,410
phishing, refers to phishing attempts done using messaging systems such as the classic SMS or newer
53
00:03:58,410 --> 00:04:01,230
messaging systems such as WhatsApp or Skype.
54
00:04:01,560 --> 00:04:06,510
Even though we already saw that phishing attacks can be quite varied, phishing usually shares some common
55
00:04:06,510 --> 00:04:08,400
features that we should look out for.
56
00:04:08,490 --> 00:04:14,100
Be suspicious of any email, message, website or call that has any of the following features.
57
00:04:14,370 --> 00:04:17,130
Phishing usually contains some too-good-to-be-true statements.
58
00:04:17,130 --> 00:04:23,250
For example, many claim that you have won some big prize like a car or a smartphone or the lottery,
59
00:04:23,700 --> 00:04:28,710
or that you can buy something expensive, like, for example, a house or boat for a very cheap price.
60
00:04:29,070 --> 00:04:31,710
Another tactic used is intimidation.
61
00:04:31,830 --> 00:04:36,870
Many phishing scams make all kinds of unrealistic threats, such as saying that your account will close
62
00:04:36,870 --> 00:04:39,450
soon and that you have to act quickly to stop that.
63
00:04:39,840 --> 00:04:45,810
Other common statements are all kinds of blackmail attempts, such as threatening to leak private information
64
00:04:45,810 --> 00:04:47,490
such as pictures unless you react.
65
00:04:47,970 --> 00:04:50,550
Next on our list, we have a sense of urgency.
66
00:04:50,760 --> 00:04:53,670
Almost all phishing scams rely on a sense of urgency.
67
00:04:54,090 --> 00:04:59,340
For example, a lot of them are saying that you can get the prize or that unbelievable deal for a very
68
00:04:59,340 --> 00:05:03,810
limited amount of time or that your account will be closed in a short period of time unless you react.
69
00:05:04,020 --> 00:05:08,600
Whenever you receive such communication, be extra suspicious and never take decisions.
70
00:05:08,730 --> 00:05:10,980
Another feature is that there is always a catch.
71
00:05:11,250 --> 00:05:16,920
For example, you receive an email saying that you can get your awesome prize or awesome offer if you
72
00:05:16,920 --> 00:05:19,320
first send some money for expenses and fees.
73
00:05:19,530 --> 00:05:22,170
This is usually a sign of a phishing attempt. Next,
74
00:05:22,230 --> 00:05:24,540
we have deceptive links and attachments.
75
00:05:25,290 --> 00:05:30,690
We have to pay extra attention to the emails that contain links or attachments. Fraudsters tend to
76
00:05:30,690 --> 00:05:36,540
use links that are either misspelled or dodgy in order to trick their victims into going on fraudulent
77
00:05:36,540 --> 00:05:37,110
websites.
78
00:05:37,230 --> 00:05:43,020
Also, be careful: the hyperlink displayed in the email might not be the actual link that you will be redirected
79
00:05:43,020 --> 00:05:43,830
to. To check
80
00:05:43,830 --> 00:05:47,910
the actual value of the hyperlink, hover over the link. Whenever in doubt,
81
00:05:47,910 --> 00:05:51,420
just go manually on the website of the organization. Regarding attachments,
82
00:05:51,810 --> 00:05:55,680
if you see an attachment that you weren't expecting or that doesn't make sense,
83
00:05:55,710 --> 00:05:56,430
don't open it.
84
00:05:56,520 --> 00:05:58,670
Attachments can often contain malware.
85
00:05:58,710 --> 00:06:02,400
Yet another common feature of phishing is having an unusual sender.
86
00:06:02,610 --> 00:06:07,980
Always pay attention to the sender and do not trust the emails or messages sent from senders that look
87
00:06:07,980 --> 00:06:10,320
dodgy or if anything seems unusual,
88
00:06:10,530 --> 00:06:15,360
such as, for example, a character which is out of place in the sender's name and/or address.
89
00:06:15,540 --> 00:06:17,970
Next on our list, we have poor spelling.
90
00:06:18,120 --> 00:06:23,130
Many phishing attacks usually impersonate well-known companies or organizations. However, many times
91
00:06:23,130 --> 00:06:26,220
you can find multiple grammar mistakes and spelling errors.
92
00:06:26,280 --> 00:06:31,470
This is a sign of a phishing attempt, as big organizations would not distribute messages with such mistakes.
93
00:06:31,500 --> 00:06:35,130
The last feature on our list is asking for sensitive information.
94
00:06:35,250 --> 00:06:38,310
Fraudsters usually try to obtain personal information.
95
00:06:38,400 --> 00:06:43,020
If you receive an email asking you to give credentials or other sensitive information, don't reply
96
00:06:43,020 --> 00:06:43,330
to it.
97
00:06:43,440 --> 00:06:47,540
Now let's test our knowledge and see how many phishing features we can find in these examples.
98
00:06:47,550 --> 00:06:50,040
You can pause the video here and look for clues.
99
00:06:50,960 --> 00:06:56,450
Ready? Let's start. First, let's check the sender. Let's say that someone important looks like someone
100
00:06:56,450 --> 00:06:59,970
we can trust, but if we check the organization, we see a typo.
101
00:07:00,230 --> 00:07:01,550
Let's continue and have a look at
102
00:07:01,550 --> 00:07:07,320
when it was sent. It was sent on a Saturday at four a.m. in the morning, on Christmas night, to be precise.
103
00:07:07,460 --> 00:07:10,020
This is also another thing that looks quite suspicious on its own.
104
00:07:10,160 --> 00:07:11,270
OK, so let's continue.
105
00:07:11,300 --> 00:07:12,550
Let's have a look at the subject.
106
00:07:12,710 --> 00:07:17,900
"Urgent action needed" with three exclamation marks, which definitely shows urgency, which, as we remember,
107
00:07:17,900 --> 00:07:23,120
is also a potential feature of phishing, especially when combined with the fact that the email was sent
108
00:07:23,120 --> 00:07:23,840
on Christmas night.
109
00:07:24,020 --> 00:07:25,470
Let's also have a look at the body.
110
00:07:25,670 --> 00:07:29,030
Dear customer, your account will be deleted in 24 hours.
111
00:07:29,030 --> 00:07:32,230
Please access the following link to reverse this action.
112
00:07:32,240 --> 00:07:33,470
Then we have the actual link.
113
00:07:33,500 --> 00:07:36,630
Your bank dot your bank dot com.
114
00:07:36,830 --> 00:07:41,600
Again, we see the sense of urgency coming up, giving us only 24 hours to react.
115
00:07:41,750 --> 00:07:43,310
We also have a URL here.
116
00:07:43,340 --> 00:07:46,660
And at first sight, it seems that it's from our favorite bank.
117
00:07:46,790 --> 00:07:49,590
But if we look a bit closer, we see something strange.
118
00:07:49,760 --> 00:07:55,370
Your bank is just a subdomain of the actual domain, which is a misspelled version of your bank with
119
00:07:55,400 --> 00:07:56,010
double B.
120
00:07:56,210 --> 00:07:57,210
So another red flag.
121
00:07:57,230 --> 00:07:58,640
Let's continue reading the body.
122
00:07:58,880 --> 00:08:04,100
Also download the attachment learning how to reduce loan rate and loan amount by 75 percent.
123
00:08:05,380 --> 00:08:09,820
We have three more signs that this is a phishing attack. First, spelling and grammar mistakes.
124
00:08:10,120 --> 00:08:13,180
Second, there's an offer that is too good to be true.
125
00:08:13,570 --> 00:08:19,720
Last but not least, we also have an attachment which, if we have a closer look at it, we see that it's
126
00:08:19,720 --> 00:08:20,720
also an executable.
127
00:08:20,890 --> 00:08:22,450
So yet another red flag.
128
00:08:22,750 --> 00:08:27,380
Before we wrap up this lecture, let's see briefly how we can protect ourselves against phishing attacks.
129
00:08:27,550 --> 00:08:30,190
First, always take your time and think before you click.
130
00:08:30,490 --> 00:08:31,900
Look at features of phishing.
131
00:08:32,080 --> 00:08:36,680
And if you find any, don't click on any link and do not download any attachment.
132
00:08:36,910 --> 00:08:42,230
Second, never provide information such as credentials, personal data or credit card information.
133
00:08:42,370 --> 00:08:46,330
Besides that, there is antivirus software. Having antivirus software installed
134
00:08:46,330 --> 00:08:51,340
might protect you in case you get infected with malware in the unfortunate case that you open an attachment
135
00:08:51,340 --> 00:08:52,150
from a phishing email.
136
00:08:52,300 --> 00:08:56,620
Another thing that would help you protect yourself is keeping your software up to date.
137
00:08:57,130 --> 00:09:00,400
This refers to your operating system, browser, applications,
138
00:09:00,400 --> 00:09:06,040
basically everything. Often the malware sent by fraudsters takes advantage of vulnerabilities from older unpatched
139
00:09:06,040 --> 00:09:07,150
versions of software.
140
00:09:07,160 --> 00:09:10,810
So keeping your software up to date will make it harder for hackers to harm you.
141
00:09:11,170 --> 00:09:13,390
Last but not least, check the website security.
142
00:09:13,450 --> 00:09:18,670
If you click on a link from an email, always check that it is indeed the genuine website that you actually
143
00:09:18,700 --> 00:09:23,500
wanted to use, especially if you want to provide credentials or credit card information. Besides
144
00:09:23,500 --> 00:09:26,830
that you should also check that the URL begins with https.
145
00:09:26,830 --> 00:09:30,190
And if you have any doubt, check the security certificate as well.
146
00:09:30,340 --> 00:09:34,490
You'll learn how to check the website certificate in the How to Protect Yourself lecture.
147
00:09:34,540 --> 00:09:37,260
That being said, in this lecture, we learned what phishing is.
148
00:09:37,300 --> 00:09:42,430
We explored different types of phishing, discussed some common features of phishing, and tested our
149
00:09:42,430 --> 00:09:43,540
knowledge with an example.
150
00:09:43,570 --> 00:09:46,810
Finally, we had a quick look at how to protect ourselves against phishing.
151
00:09:46,930 --> 00:09:48,610
With that, we conclude this lecture.
152
00:09:48,670 --> 00:09:51,500
As always, if you have any questions, don't hesitate to ask us.
153
00:09:51,610 --> 00:09:53,080
See you soon in the next lecture.