Shawn Oden

@codefumonkey

codefumonkey.com

If You Teach a Man to Phish ...

Click HERE to learn how to make money with my new crypto  scam  scheme...


Who Am I?

 

Database Administrator

Programmer

Former Pilot

Cybersecurity-Curious Geek

 


What Are We Going To Talk About?

Some Common Cyber/Personal Security Definitions

Different Types of Scams

How Can We Recognize Scams?

What Can We Do To Stop Scams?

The History of Tricking People


Who Is Responsible For Cybersecurity?

HINT:

This is a trick question.


Quick Definitions:

Threat Actor = Bad Guys


Phishing is a type of social engineering in which the Threat Actor uses an electronic medium, such as email, cellphone, or text messaging, to trick someone into giving up information that allows the Threat Actor to commit additional crimes against that person or their organization.


SPEAR PHISHING

WHALING

SMISHING

VISHING

BEC (Business Email Compromise)

QUISHING (I didn't name it.)


Social Engineering is a manipulation technique used to trick people into giving up sensitive information that allows the Threat Actor to gain unauthorized access to a system or perform various other malicious actions. It uses psychological manipulation to exploit human trust rather than exploiting technical vulnerabilities directly. It covers several types of attacks.


Types of Social Engineering:

PRETEXTING
BAITING
QUID PRO QUO
WATERING HOLE ATTACK
JOB SCAMS
ROMANCE SCAMS / HONEYTRAP
PIG BUTCHERING
TAILGATING


A Quick History:

Social Engineering has been around about as long as people have.


And it has evolved.


A lot.


A whole lot.


Why Do People Fall For These?

TRUST
GREED
CURIOSITY
DESIRE TO HELP / PLEASE OTHERS
FEAR / ANXIETY
LONELINESS
FOMO
HUBRIS
WE'RE HUMAN


We're Wired This Way.


How Do We Spot The Scams?

BEWARE OF IMAGES IN AN EMAIL!

UNKNOWN SENDER
UNEXPECTED MESSAGE
BAD GRAMMAR
POPUPS
SCARY TITLES
URGENT RESPONSE NEEDED
ASKING FOR MONEY/INFO/???
I NEED YOUR CREDENTIALS
LINKS IN MESSAGE
ATTACHMENTS
TOO GOOD TO BE TRUE
OH NO! YOU HAVE A VIRUS! CALL US!
PAY IN GIFT CARDS
PAY IN BITCOIN

Let's Look At Some Examples.


The Threat Of AI Is Here.


What Can We Do?


Be Suspicious of Unknown Messages / Phone Calls

Don't Engage With Contacts You Don't Know

Keep Your Software Updated

Use Anti-Malware (and keep IT updated)

Don't Overshare / Watch Your Social Media

Don't Send Sensitive Info Over Email

Use a Password Locker (like 1Password)

Monitor Your Info (like HaveIBeenPwned.com) / OSINT

Use a Good Phish-Resistant MFA


STOP.

BREATHE.

THINK.

BE SMART.


AWARENESS

Who Is Responsible For Cybersecurity?


How Do I Learn More?


SANS Internet Storm Center Stormcast Podcast (https://isc.sans.edu/podcast.html)
Scammer Payback (YouTube) (https://www.youtube.com/@ScammerPayback)
Malicious Life Podcast (https://malicious.life/)
Darknet Diaries Podcast (https://darknetdiaries.com/)
Phishing.org (https://www.phishing.org/)
IBM - Humans vs AI. Who's Better At Phishing? (YouTube) (https://www.youtube.com/watch?v=7XhySwUn9eA)
U.S. CISA - Cyber Awareness Program (https://www.cisa.gov/resources-tools/programs/cisa-cybersecurity-awareness-program)
KnowBe4 Cybersecurity Resource Kits (https://www.knowbe4.com/resources/kits)
ProofPoint - Social Engineering Awareness (https://www.proofpoint.com/us/threat-reference/social-engineering)
Fortinet - Social Engineering Awareness (https://www.fortinet.com/resources/cyberglossary/social-engineering)
SANS OUCH! Newsletters (https://www.sans.org/newsletters/ouch)

Thank You!


Shawn Oden | codefumonkey@gmail.com | @CodeFuMonkey | codefumonkey.com

Thank You To Our Sponsors!

If You Teach A Man To Phish ... (V2.1) (SQL Saturday Baton Rouge 2025)

By Shawn Oden


It seems like we're constantly under attack by someone trying to steal our money or our personal information. Scammers are constantly on the prowl for victims, and phishing is one of their favorite tools. In this talk, I'll teach you how to spot it and other scams, so that you can avoid becoming one of those victims.
