WEBVTT 1 00:00:00.000 --> 00:00:02.960 All right, so you sent over a ton of info 2 00:00:03.080 --> 00:00:05.839 on fishing. Yeah, even excerpts from a book on the topic. 3 00:00:06.360 --> 00:00:08.199 Looks like we're taking a deep dive into the world 4 00:00:08.240 --> 00:00:09.679 of online stams today. 5 00:00:09.880 --> 00:00:10.400 Yeah. 6 00:00:10.439 --> 00:00:14.439 We'll uncover how fishing works, where it lurks, and most importantly, 7 00:00:14.720 --> 00:00:17.039 how you can protect yourself from falling victim. 8 00:00:17.399 --> 00:00:20.559 What's fascinating about fishing is how much it relies on 9 00:00:21.160 --> 00:00:25.160 human psychology. Yeah, rather than just technical tricks. It's like 10 00:00:25.199 --> 00:00:28.120 a digital con game, preying on our trust, right, and 11 00:00:28.160 --> 00:00:30.039 our tendency to overlook details. 12 00:00:30.079 --> 00:00:32.719 That's what's so unsettling about it. It feels like anyone 13 00:00:32.759 --> 00:00:35.320 could fall for it, even if you think you're tech savvy. 14 00:00:35.600 --> 00:00:38.039 Absolutely. Think back to the example in the book about 15 00:00:38.039 --> 00:00:42.280 that fake PayPal login page. Okay, it highlights just how 16 00:00:42.280 --> 00:00:45.799 easily we can be fooled. If you're not paying close attention, 17 00:00:46.280 --> 00:00:48.119 you might not even notice that the web address is 18 00:00:48.119 --> 00:00:50.719 slightly off. Oh wow, and that's all it takes for 19 00:00:50.759 --> 00:00:52.159 them to snag your login info. 20 00:00:52.320 --> 00:00:54.520 Okay, that's already making me want to double check all 21 00:00:54.520 --> 00:00:57.359 my online accounts. Yeah, but before we get to ahead 22 00:00:57.359 --> 00:01:00.439 of ourselves, let's rewind a bit. The book mentioned the 23 00:01:00.479 --> 00:01:03.759 history of phishing, It's actually been around longer than I realized. 24 00:01:04.079 --> 00:01:06.719 You're right, it might seem like a modern problem. Yeah, 25 00:01:06.760 --> 00:01:09.560 but its roots actually go back to phone scams, even 26 00:01:09.640 --> 00:01:13.560 before the Internet was widespread. Wow, it's amazing how it's 27 00:01:13.599 --> 00:01:16.040 managed to adapt and thrive in the digital age. 28 00:01:16.319 --> 00:01:16.959 Yeah. 29 00:01:17.280 --> 00:01:21.959 We've gone from simple email scams to elaborate schemes using 30 00:01:21.959 --> 00:01:26.280 websites as ams, social media, even video conferencing software. 31 00:01:26.599 --> 00:01:29.480 It's kind of terrifying how adaptable it is. Yeah, and 32 00:01:29.519 --> 00:01:32.920 speaking of adapting, didn't the COVID nineteen pandemic really give 33 00:01:32.920 --> 00:01:36.120 fishers a boost? Oh? Everyone was suddenly online, shopping and 34 00:01:36.159 --> 00:01:38.840 working remotely. It seems like a scammer's dream. 35 00:01:38.920 --> 00:01:40.359 It was a perfect storm for them. 36 00:01:40.560 --> 00:01:41.239 Wow. 37 00:01:41.560 --> 00:01:45.920 Remember Google reported as staggering eighteen million COVID related phishing 38 00:01:45.959 --> 00:01:50.280 emails daily on Gmail alone back in twenty twenty. Seriously, 39 00:01:50.439 --> 00:01:53.120 but it wasn't just a sheer volume of targets. The 40 00:01:53.120 --> 00:01:57.159 pandemic created a climate of fear and uncertainty, which Fisher's 41 00:01:57.319 --> 00:02:01.359 expertly exploited. They preyed on people's anxiety about health, finances 42 00:02:01.359 --> 00:02:03.439 and even getting essential supplies. 43 00:02:03.200 --> 00:02:05.560 So they were tapping into those raw emotions to trick 44 00:02:05.640 --> 00:02:08.400 people exactly. That's just devious. That makes you realize how 45 00:02:08.400 --> 00:02:10.599 important it is to be aware of these tactics. 46 00:02:10.759 --> 00:02:11.000 Right. 47 00:02:12.159 --> 00:02:14.680 The book breaks down all the different types of phishing 48 00:02:14.680 --> 00:02:17.759 out there, which seems like a good place to start 49 00:02:17.840 --> 00:02:19.960 understanding the complexity of this threat. 50 00:02:20.159 --> 00:02:23.800 Absolutely, it could be helpful to categorize them, okay. Broadly speaking, 51 00:02:23.840 --> 00:02:28.719 we have social engineering fishing okay, which uses psychological manipulation, 52 00:02:29.319 --> 00:02:34.639 and tech driven fishing, which relies more on exploiting technical loopholes. 53 00:02:35.120 --> 00:02:37.520 Let's start with social engineering, sure, can you give me 54 00:02:37.520 --> 00:02:39.479 some examples of how that works in practice? 55 00:02:39.639 --> 00:02:42.000 Imagine you get an email that looks exactly like it's 56 00:02:42.039 --> 00:02:46.080 from your bank, urging you to update your account info 57 00:02:46.639 --> 00:02:49.639 due to some security breach. It might even have the 58 00:02:49.680 --> 00:02:51.319 bank's logo and branding. 59 00:02:51.599 --> 00:02:51.960 Okay. 60 00:02:52.120 --> 00:02:55.159 It creates a sense of urgency, making you act quickly 61 00:02:55.479 --> 00:02:56.719 without thinking too hard. 62 00:02:57.000 --> 00:02:57.240 Right. 63 00:02:57.479 --> 00:03:01.120 That's deceptive fishing using fear and a ready to manipulate you. 64 00:03:01.360 --> 00:03:03.360 That's pretty scary. I can see how easy it would 65 00:03:03.360 --> 00:03:05.560 be to fall for that, especially if you're already stressed 66 00:03:05.560 --> 00:03:07.639 about online security exactly. 67 00:03:08.000 --> 00:03:11.159 And then there's spearfishing, which is even more targeted okay. 68 00:03:11.199 --> 00:03:15.199 Instead of a mass email. It's a message crafted specifically 69 00:03:15.240 --> 00:03:19.879 for you, maybe referencing your job, your recent purchases, or 70 00:03:19.960 --> 00:03:22.599 even using information pulled from your social media. 71 00:03:22.840 --> 00:03:23.120 Wow. 72 00:03:23.280 --> 00:03:25.280 It's all designed to make you believe the message is 73 00:03:25.360 --> 00:03:27.000 legitimate and gain your trust. 74 00:03:27.439 --> 00:03:29.719 Wow. So it's like they're doing their homework on you 75 00:03:29.800 --> 00:03:33.439 before they strike exactly. And what about whaling? I remember 76 00:03:33.479 --> 00:03:35.400 that term from the book. It sounds pretty intense. 77 00:03:35.719 --> 00:03:42.400 Whaling is all about going after the big fish CEOs, politicians, celebrities, 78 00:03:42.800 --> 00:03:46.240 anyone with high level access or influence. These attacks are 79 00:03:46.280 --> 00:03:49.639 even more sophisticated, often involving a combination of social engineering, 80 00:03:49.759 --> 00:03:53.479 technical tricks, yeah, and meticulous research to make this gam 81 00:03:53.520 --> 00:03:55.080 scene completely believable. 82 00:03:55.240 --> 00:03:55.759 Wow. 83 00:03:56.039 --> 00:03:58.639 The potential payoff for the attacker is much higher, so 84 00:03:58.680 --> 00:04:00.319 they're willing to put in the extra effort. 85 00:04:00.479 --> 00:04:02.759 So it's like a high stakes game of cat and 86 00:04:02.800 --> 00:04:06.000 mouse with fishers constantly upping their game. This is all 87 00:04:06.039 --> 00:04:07.680 starting to feel a bit overwhelming. 88 00:04:08.000 --> 00:04:08.599 Yeah. 89 00:04:08.840 --> 00:04:10.919 Is it even possible to stay ahead of these guys? 90 00:04:10.919 --> 00:04:14.240 It definitely feels that way sometimes, right. Yeah, But don't worry. 91 00:04:14.319 --> 00:04:16.560 We'll get to the ways you can protect yourself. Okay, 92 00:04:16.600 --> 00:04:18.480 before we do that, let's take a look at tech 93 00:04:18.600 --> 00:04:21.920 driven fishing. Okay, it's just as important to understand. 94 00:04:22.079 --> 00:04:26.000 Okay, So if social engineering is about tricking the user, 95 00:04:27.360 --> 00:04:29.720 what does tech driven fishing focus on. 96 00:04:30.279 --> 00:04:33.959 It's all about using technical tricks to bypass security measures 97 00:04:34.319 --> 00:04:37.319 and gain access to your information. Okay. One example is 98 00:04:37.439 --> 00:04:41.600 DNS based fishing, which essentially hijacks the Internet's address book 99 00:04:42.240 --> 00:04:45.519 the DNS to redirect you to a fake website even 100 00:04:45.560 --> 00:04:46.959 if you type the correct URL. 101 00:04:47.040 --> 00:04:49.319 So even if I'm being careful about checking web addresses, 102 00:04:49.399 --> 00:04:51.199 i could still end up on a fishing site. 103 00:04:51.319 --> 00:04:51.959 Unfortunately. 104 00:04:52.040 --> 00:04:53.319 Yes, that's unnerving. 105 00:04:53.480 --> 00:04:56.560 And then there's proxy based fishing, which messes with your 106 00:04:56.600 --> 00:04:59.519 browser settings to send you to those fake sites without 107 00:04:59.519 --> 00:05:02.839 your knowledge. It's like someone secretly changing the directions in 108 00:05:02.879 --> 00:05:05.639 your GPS leading you to the wrong destination. 109 00:05:06.360 --> 00:05:08.920 Sneaky. So it's not enough to just be vigilant. You 110 00:05:08.959 --> 00:05:12.040 need to have some technical know how to really protect yourself. 111 00:05:12.120 --> 00:05:14.680 Is that what content injection phishing is about. 112 00:05:14.879 --> 00:05:18.399 That's a different beast. It's like a digital trojan horse. Okay. 113 00:05:18.600 --> 00:05:23.040 Instead of creating an entirely fake website, attackers sneak malicious 114 00:05:23.079 --> 00:05:26.879 code into legitimate websites. You might visit regularly. Oh wow, 115 00:05:27.120 --> 00:05:30.560 this code can then steal your data or redirect you 116 00:05:30.600 --> 00:05:33.399 to a phishing site without you even realizing it. 117 00:05:33.480 --> 00:05:35.519 So it's like a wolf in sheep's clothing. A trusted 118 00:05:35.519 --> 00:05:38.120 website suddenly becomes a trap. It seems like phishing is 119 00:05:38.160 --> 00:05:39.399 everywhere online. 120 00:05:39.480 --> 00:05:42.480 You're not wrong. The book actually talks about how phishing 121 00:05:42.560 --> 00:05:46.560 has expanded beyond email to exploit a wide range of channels. 122 00:05:46.680 --> 00:05:48.160 It's something to be aware of, for sure. 123 00:05:48.399 --> 00:05:50.120 So where else should we be on the lookout for 124 00:05:50.160 --> 00:05:53.160 these scams? I mean besides email, which already makes me 125 00:05:53.240 --> 00:05:53.879 nervous enough. 126 00:05:53.959 --> 00:05:56.720 Well, think about how much you use your phone these days. Yeah, 127 00:05:56.920 --> 00:06:00.639 SMS phishing or smishing uses text mess to try and 128 00:06:00.680 --> 00:06:02.680 trick you. They might send a link that looks like 129 00:06:02.720 --> 00:06:05.360 it's from your bank or a delivery service, trying to 130 00:06:05.399 --> 00:06:07.439 get you to click and give away your info. 131 00:06:07.720 --> 00:06:10.240 Oh I've seen those before. Yeah, the ones that say 132 00:06:10.240 --> 00:06:12.120 your package is delayed and you need to click a 133 00:06:12.199 --> 00:06:15.839 link to reschedule delivery. I always thought those seemed fishy. 134 00:06:16.040 --> 00:06:18.480 You're right to be suspicious. And then their's social media. 135 00:06:18.680 --> 00:06:23.000 Oh yeah, it's a breeding ground for fishing, right with 136 00:06:23.279 --> 00:06:26.439 fake quizzes, contests or too good to be true offers 137 00:06:27.319 --> 00:06:29.959 all designed to lure you into clicking a malicious link 138 00:06:30.199 --> 00:06:33.839 or giving away personal info. Wow, and even those comments 139 00:06:33.879 --> 00:06:37.439 sections can be dangerous. Sometimes they'll contain links to phishing 140 00:06:37.519 --> 00:06:41.120 sites disguised as helpful resources or related articles. 141 00:06:41.360 --> 00:06:45.800 It's scary how they managed to blend in with legitimate content. Yeah, 142 00:06:45.839 --> 00:06:48.560 and what about public Wi Fi? I use it all 143 00:06:48.560 --> 00:06:51.759 the time at coffee shops and airports. It's never occurred 144 00:06:51.759 --> 00:06:53.399 to me that it could be a fishing risk. 145 00:06:53.560 --> 00:06:56.680 That's a common misconception. Really, public Wi Fi networks can 146 00:06:56.720 --> 00:06:59.879 be a gold mine for fishers. Wow, you probably heard 147 00:06:59.920 --> 00:07:03.439 it evil twin Wi Fi networks? I think so those 148 00:07:03.480 --> 00:07:07.319 fake hotspots set up to mimic legitimate ones. Right. If 149 00:07:07.360 --> 00:07:09.600 you connect to one of these thinking it's the coffee 150 00:07:09.600 --> 00:07:13.680 shop's Wi Fi, the attacker can potentially intercept all your 151 00:07:13.759 --> 00:07:19.040 Internet traffic, including your usernames, passwords, and even financial. 152 00:07:18.560 --> 00:07:23.279 Info, so that free internet might come at a hidden cost. Yanks. Yeah, 153 00:07:23.319 --> 00:07:26.560 I'm definitely going to be more careful about connecting to 154 00:07:26.639 --> 00:07:30.839 public Wi Fi from now on. The book also mentioned 155 00:07:30.839 --> 00:07:35.240 something about Bluetooth fishing, which sounds wild to me. Bluetooth 156 00:07:35.279 --> 00:07:37.680 is for headphones and speakers right, right, How could that 157 00:07:37.720 --> 00:07:38.639 be used for fishing? 158 00:07:38.839 --> 00:07:42.439 Sounds strange, but fishers are always looking for creative ways 159 00:07:42.439 --> 00:07:46.399 to exploit technology. Yeah, bluetooth fishing takes advantage of how 160 00:07:46.480 --> 00:07:47.319 pairing works. 161 00:07:47.560 --> 00:07:47.839 Okay. 162 00:07:48.000 --> 00:07:50.920 Imagine you're in a public place and your phone's Bluetooth 163 00:07:51.000 --> 00:07:53.959 is on searching for devices, right. An attacker can send 164 00:07:54.000 --> 00:07:56.160 a pairing request that looks like it's from a harmless 165 00:07:56.199 --> 00:07:59.240 device like headphones or a fitness tracker. Oh gosh, but 166 00:07:59.319 --> 00:08:02.079 if you accept that request, they could potentially gain access 167 00:08:02.079 --> 00:08:05.000 to your phone and steal data, install malware, or even 168 00:08:05.000 --> 00:08:06.360 take control of certain functions. 169 00:08:06.800 --> 00:08:10.120 Okay, that's officially terrifying. It's making me rethink my whole 170 00:08:10.160 --> 00:08:11.199 approach to bluetooth. 171 00:08:11.319 --> 00:08:11.560 Yeah. 172 00:08:11.600 --> 00:08:14.639 I usually just leave it on all the time for convenience, right, 173 00:08:14.879 --> 00:08:17.800 But now I'm thinking that might not be the smartest move. 174 00:08:18.079 --> 00:08:22.120 It's always better to be safe than sorry. Yeah, disable 175 00:08:22.199 --> 00:08:25.879 bluetooth when you're not using it, and only pair with 176 00:08:25.959 --> 00:08:29.000 devices you trust. Okay, it's a simple step that can 177 00:08:29.000 --> 00:08:30.759 make a big difference in protecting yourself. 178 00:08:30.839 --> 00:08:32.879 You've given me a lot to think about already. It 179 00:08:32.879 --> 00:08:35.679 seems like phishing is lurking around every corner. Of the Internet. 180 00:08:35.799 --> 00:08:38.360 But the book did have a section on how to 181 00:08:38.360 --> 00:08:39.240 protect ourselves? 182 00:08:39.320 --> 00:08:40.279 Right absolutely? 183 00:08:40.320 --> 00:08:41.679 What are some of the key takeaways? 184 00:08:41.759 --> 00:08:44.480 Awareness is the first step, and you're already doing that 185 00:08:44.519 --> 00:08:47.080 by diving into this topic. But when it comes to 186 00:08:47.159 --> 00:08:51.559 practical steps, learning to scrutinize URLs is crucial. 187 00:08:51.720 --> 00:08:52.080 Okay. 188 00:08:52.240 --> 00:08:55.519 Attackers use all sorts of clever tricks to make fake 189 00:08:55.879 --> 00:08:59.360 URLs look real, So it's all about knowing the red flags. 190 00:09:00.000 --> 00:09:02.200 What should we be looking for. I have to admit 191 00:09:02.360 --> 00:09:05.480 I don't always pay close attention to URLs, especially when 192 00:09:05.519 --> 00:09:06.759 I'm browsing on my phone. 193 00:09:06.799 --> 00:09:10.799 That's understandable. One common tactic is domain spoofing, where they 194 00:09:10.799 --> 00:09:14.679 create domain names that are very similar to legitimate ones. Yeah, 195 00:09:15.039 --> 00:09:19.440 I think misspellings, similar sounding words, adding extra words, or 196 00:09:19.480 --> 00:09:21.360 even hijacking personal names. 197 00:09:21.639 --> 00:09:22.080 Wow. 198 00:09:22.200 --> 00:09:25.559 They might use bit squatting bit squatting, which exploits those 199 00:09:25.600 --> 00:09:28.799 tiny typos we all make sometimes. For example, imagine you're 200 00:09:28.840 --> 00:09:32.840 trying to visit example dot com, but you accidentally type 201 00:09:33.240 --> 00:09:36.480 exmable dot com. Oh right, A bit squatter might have 202 00:09:36.519 --> 00:09:39.200 registered that misspell domain and boom, You're redirected to a 203 00:09:39.240 --> 00:09:40.840 phishing site without even realizing it. 204 00:09:40.919 --> 00:09:43.639 Wow, that's sneaky. It's like they're setting traps for our typos. 205 00:09:43.960 --> 00:09:45.440 Yeah, and what about. 206 00:09:45.240 --> 00:09:47.200 Those shortened links, like the ones you often see on 207 00:09:47.240 --> 00:09:48.000 social media? 208 00:09:48.080 --> 00:09:51.720 Those tiny URLs can be tricky. They're often used legitimately 209 00:09:51.759 --> 00:09:54.960 to save space or make links easier to share, but 210 00:09:54.960 --> 00:09:57.960 they can also be used to mask the true destination 211 00:09:58.039 --> 00:10:00.519 of a link. Oh wow, So before you click on 212 00:10:00.519 --> 00:10:03.200 a tiny url, always hover over it to see the 213 00:10:03.200 --> 00:10:05.679 full web address. If it looks suspicious or you don't 214 00:10:05.679 --> 00:10:07.000 recognize the domain, don't click it. 215 00:10:07.279 --> 00:10:09.879 Okay. So let's say I've clicked on a link and 216 00:10:09.919 --> 00:10:14.360 I'm on a website. Are there any telltale signs that 217 00:10:14.399 --> 00:10:16.120 I might be on a phishing site? 218 00:10:17.519 --> 00:10:21.000 There are, put on your detective hat and start scrutinizing 219 00:10:21.000 --> 00:10:25.399 the website's design, all right, look for inconsistencies, anything that 220 00:10:25.480 --> 00:10:26.080 seems off. 221 00:10:26.320 --> 00:10:26.679 Okay. 222 00:10:26.840 --> 00:10:32.000 It could be low quality images, broken links, grammatical errors, 223 00:10:32.440 --> 00:10:35.600 even just a strange layout. These can all be signs 224 00:10:35.639 --> 00:10:38.080 that the website was hastily put together or that it's 225 00:10:38.120 --> 00:10:40.360 not the real deal. If you're comfortable with it, you 226 00:10:40.360 --> 00:10:43.720 could even examine the HTML code for suspicious elements like 227 00:10:43.799 --> 00:10:46.440 hidden eye frames or redirecting links. 228 00:10:46.519 --> 00:10:48.799 I'm not that tech savvy, but I can definitely look 229 00:10:48.799 --> 00:10:51.679 out for those visual cues. It's amazing how much we 230 00:10:51.720 --> 00:10:53.919 can learn just by paying attention to the details. But 231 00:10:54.000 --> 00:10:56.240 even with all this vigilance, is there anything else we 232 00:10:56.279 --> 00:10:59.320 can do to proactively protect ourselves? The book mentioned some 233 00:10:59.360 --> 00:11:01.440 technical tool Yes there are. 234 00:11:01.679 --> 00:11:03.759 One of the most basic yet effective things you can 235 00:11:03.759 --> 00:11:07.399 do is use strong, unique passwords for all your online accounts. Okay, 236 00:11:07.679 --> 00:11:10.279 and I can't stress this enough. Enable two factor authentication 237 00:11:10.399 --> 00:11:13.919 whenever possible. It adds an extra layer of security by 238 00:11:13.960 --> 00:11:16.200 requiring you to enter a code from your phone or 239 00:11:16.279 --> 00:11:19.639 email in addition to your password. It might seem like 240 00:11:19.679 --> 00:11:22.440 a hassle, but it makes it much harder for attackers 241 00:11:22.440 --> 00:11:24.960 to gain access to your accounts, even if they have 242 00:11:25.039 --> 00:11:25.679 your password. 243 00:11:25.879 --> 00:11:28.159 That's a good reminder. I know I've been putting off 244 00:11:28.440 --> 00:11:31.519 enabling two factor authentication on some of my accounts. Oh yeah, 245 00:11:31.559 --> 00:11:33.600 but you've convinced me it's worth the effort. 246 00:11:33.720 --> 00:11:36.720 It really is. And keep your software and anti virus 247 00:11:36.799 --> 00:11:40.879 programs up to date. Those updates often include security patches 248 00:11:40.919 --> 00:11:44.960 that can help protect you from known vulnerabilities. And if 249 00:11:44.960 --> 00:11:48.039 you want an extra layer of defense, consider using anti 250 00:11:48.039 --> 00:11:51.960 phishing browser extensions and toolbars. They can help identify and 251 00:11:52.039 --> 00:11:56.320 block suspicious websites even if you accidentally click on a malicious. 252 00:11:55.960 --> 00:11:59.559 Link, So it's like having a bodyguard for your browser. Like, 253 00:12:00.200 --> 00:12:01.600 it seems like there's a lot we can do to 254 00:12:01.639 --> 00:12:03.879 protect ourselves, but it's also important to know that phishing 255 00:12:03.960 --> 00:12:07.080 is a crime, right absolutely. What are the legal repercussions 256 00:12:07.120 --> 00:12:07.919 for these attackers? 257 00:12:07.919 --> 00:12:11.200 Phishing is illegal and there are laws in place to 258 00:12:11.240 --> 00:12:14.080 punish those who engage in it. For example, in the US, 259 00:12:14.279 --> 00:12:19.200 that can Spam Act helps regulate commercial emails and combat spam, 260 00:12:19.279 --> 00:12:21.879 which is often used as a vehicle for phishing attacks, 261 00:12:22.759 --> 00:12:27.559 and the Digital Millennium Copyright Act or DMCA protects logos 262 00:12:27.559 --> 00:12:32.120 and intellectual property from being misused, which is relevant because 263 00:12:32.159 --> 00:12:34.960 fishers often try to mimic legitimate brands, so. 264 00:12:34.879 --> 00:12:37.679 They can't just hide behind anonymity and get away with it. 265 00:12:37.840 --> 00:12:41.080 Not always, it can be difficult to track down these criminals. Yeah, 266 00:12:41.120 --> 00:12:43.919 but it does happen. The book mentioned some high profile 267 00:12:44.000 --> 00:12:47.799 cases where companies like Microsoft and AOL filed lawsuits worth 268 00:12:47.919 --> 00:12:51.159 millions against fishers. Wow. It's also important to remember that 269 00:12:51.240 --> 00:12:54.320 every time you report a phishing attempt, you're contributing to 270 00:12:54.360 --> 00:12:55.639 the fight against these scams. 271 00:12:55.799 --> 00:12:58.720 So reporting these scams isn't just about protecting myself, it's 272 00:12:58.720 --> 00:13:02.120 about helping to take on these criminals and protect others exactly. 273 00:13:02.320 --> 00:13:04.960 Every report provides valuable data. They could be used to 274 00:13:05.000 --> 00:13:10.000 identify fishing patterns, track down attackers, and even prevent future attacks. Wow, 275 00:13:10.120 --> 00:13:13.519 you're essentially helping to build a stronger defense for everyone. 276 00:13:13.840 --> 00:13:16.799 This deep dive has really been eye opening. It's amazing 277 00:13:16.879 --> 00:13:19.919 how much I didn't know about fishing, and I'm feeling 278 00:13:19.960 --> 00:13:23.679 a lot more empowered to protect myself. But I'm also 279 00:13:23.720 --> 00:13:27.840 realizing that it's not just about individual action. It sounds 280 00:13:27.879 --> 00:13:31.000 like there's a whole technological arms race going on behind 281 00:13:31.039 --> 00:13:33.759 the scenes to try and stay ahead of these attackers. 282 00:13:34.000 --> 00:13:38.360 You're absolutely right alongside individual vigilance. Yeah, there's a constant 283 00:13:38.399 --> 00:13:42.120 effort to develop and deploy anti phishing technologies. 284 00:13:42.480 --> 00:13:45.279 What are some of the more cutting edge approaches being 285 00:13:45.360 --> 00:13:47.960 used to combat fishing on a larger scale. 286 00:13:48.120 --> 00:13:50.919 Well, you have your classic approaches like blacklists and whitelists. 287 00:13:51.240 --> 00:13:54.360 Blacklists are like a digital most wanted list. They keep 288 00:13:54.399 --> 00:13:57.120 track of known fishing sites so they could be blocked. Okay, 289 00:13:57.559 --> 00:14:00.480 and whitelists are the opposite, right, They only allow access 290 00:14:00.519 --> 00:14:02.519 to websites that have been deemed trustworthy. 291 00:14:03.039 --> 00:14:06.519 So a guilty until proven innocent approach with the blacklist 292 00:14:06.600 --> 00:14:09.519 and an innocent until proven guilty approach with the white list. 293 00:14:09.639 --> 00:14:11.080 Yeah, exactly makes sense. 294 00:14:11.120 --> 00:14:13.639 But also the tech wizard's cooking up to fight these scammers. 295 00:14:13.799 --> 00:14:18.399 Things are getting really interesting with visual similarity detection. Okay, 296 00:14:19.000 --> 00:14:23.440 it uses algorithms to compare websites and spot fakes based 297 00:14:23.440 --> 00:14:24.679 on their design and layout. 298 00:14:25.000 --> 00:14:25.480 Interesting. 299 00:14:25.679 --> 00:14:28.480 Think of it like a facial recognition system, but for websites. 300 00:14:29.159 --> 00:14:31.639 It can pick up on subtle differences that a human 301 00:14:31.720 --> 00:14:35.360 eye might miss, flagging potential fishing sites even if they've 302 00:14:35.360 --> 00:14:36.639 been cleverly disguised. 303 00:14:37.159 --> 00:14:39.480 That's pretty impressive. It seems like we're bringing in the 304 00:14:39.519 --> 00:14:43.120 big guns with these technological solutions. But the book also 305 00:14:43.159 --> 00:14:46.399 talked about machine learning, right, how is that being used 306 00:14:46.440 --> 00:14:47.279 to fight phishing? 307 00:14:47.519 --> 00:14:50.519 Machine learning is playing a huge role. It's all about 308 00:14:50.639 --> 00:14:56.320 training computers to identify phishing patterns and flag suspicious activity. Okay, 309 00:14:56.639 --> 00:14:59.519 imagine you're teaching a computer to spot a fake painting. 310 00:15:00.240 --> 00:15:03.600 You show it thousands of real and fake paintings, pointing 311 00:15:03.639 --> 00:15:07.720 out the subtle differences in breaststrokes, colors, and composition. Okay, 312 00:15:08.039 --> 00:15:11.840 over time, the computer learns to recognize those telltale signs 313 00:15:11.840 --> 00:15:14.799 of a forgery. That's essentially what we're doing with machine 314 00:15:14.879 --> 00:15:18.200 learning and fishing. We're feeding these algorithms massive amounts of 315 00:15:18.279 --> 00:15:22.519 data about phishing websites and emails, teaching them to recognize 316 00:15:22.519 --> 00:15:25.679 the patterns in red flags that humans might miss. 317 00:15:26.039 --> 00:15:28.720 So it's like giving the computer a crash course in 318 00:15:28.799 --> 00:15:33.279 phishing detection, turning it into a digital detective. What about 319 00:15:33.279 --> 00:15:36.080 deep learning? Is that just a fancier term for machine learning. 320 00:15:36.200 --> 00:15:38.039 It's related, but takes it a step further. 321 00:15:38.200 --> 00:15:38.519 Okay. 322 00:15:39.080 --> 00:15:41.960 Deep learning is inspired by the human brain and its 323 00:15:42.000 --> 00:15:42.799 neural networks. 324 00:15:43.039 --> 00:15:43.279 Right. 325 00:15:43.559 --> 00:15:47.080 It allows computers to analyze data on a much deeper level, 326 00:15:47.440 --> 00:15:50.120 uncovering even more subtle and complex patterns. 327 00:15:50.600 --> 00:15:53.840 So it's not just about recognizing superficial similarities, it's about 328 00:15:53.960 --> 00:15:56.559 understanding the underlying intent in behavior. 329 00:15:56.799 --> 00:16:01.200 Exactly. Deep learning is allowing us to create dudibly sophisticated 330 00:16:01.200 --> 00:16:04.679 fishing detection systems that can adapt and learn as new 331 00:16:04.720 --> 00:16:05.440 threats emerge. 332 00:16:05.440 --> 00:16:07.240 So it's always evolving getting smarter. 333 00:16:07.399 --> 00:16:10.799 Yeah, exactly, like having a security guard that's constantly learning 334 00:16:10.840 --> 00:16:13.720 new self defense techniques to stay ahead of the criminals. 335 00:16:13.919 --> 00:16:16.639 This all sounds very promising, but let's be realistic. Can 336 00:16:16.720 --> 00:16:19.159 technology really solve the fishing problem entirely? 337 00:16:19.519 --> 00:16:23.759 That's the million dollar question. Technology is an incredibly powerful 338 00:16:23.799 --> 00:16:27.159 tool in this fight, but it's not a silver bullet. Remember, 339 00:16:27.240 --> 00:16:32.200 phishing is ultimately about exploiting human psychology. Yeah, as long 340 00:16:32.240 --> 00:16:34.759 as there are people who fall prey to these scams, 341 00:16:35.039 --> 00:16:37.200 there will be fishers trying to exploit them. 342 00:16:37.279 --> 00:16:37.919 That's true. 343 00:16:38.000 --> 00:16:41.840 That's why education and awareness are so important. Even with 344 00:16:41.919 --> 00:16:45.320 the most advanced technology in place, human vigilance is still 345 00:16:45.600 --> 00:16:46.879 our first line of defense. 346 00:16:47.039 --> 00:16:50.120 So it's a two pronged approach. Technology to bolster our 347 00:16:50.159 --> 00:16:55.000 defenses and education to empower individuals. What can we do 348 00:16:55.080 --> 00:16:58.399 as everyday users to contribute to this collective effort. 349 00:16:58.559 --> 00:17:00.440 One of the most important things you can do is 350 00:17:00.519 --> 00:17:03.919 report phishing attempts. It might seem like a small act, 351 00:17:04.200 --> 00:17:06.400 but it has a ripple effect. If you receive a 352 00:17:06.440 --> 00:17:08.960 suspicious email or come across a website that you think 353 00:17:09.079 --> 00:17:12.160 might be a phishing scam, don't just delete it or 354 00:17:12.160 --> 00:17:15.200 ignore it, report it to the appropriate authorities. 355 00:17:15.359 --> 00:17:17.640 So who should we be reporting these scams to. 356 00:17:18.000 --> 00:17:21.799 There are several organizations dedicated to fighting phishing, like the 357 00:17:21.839 --> 00:17:26.200 Anti Phishing Working Group APWG and the US Computer Emergency 358 00:17:26.200 --> 00:17:30.519 Readiness Team us SERT. Okay, you can also report it 359 00:17:30.519 --> 00:17:34.759 to the company or organization being impersonated. For example, if 360 00:17:34.759 --> 00:17:37.519 you get a phishing email pretending to be from Amazon, 361 00:17:37.880 --> 00:17:42.240 forward it to Amazon's Fishing Report address. Every report helps 362 00:17:42.240 --> 00:17:46.160 build a better understanding of phishing tactics, track down these criminals, 363 00:17:46.359 --> 00:17:48.279 and ultimately prevent future attacks. 364 00:17:48.519 --> 00:17:51.319 It's like we're all deputized cyber detectives working together to 365 00:17:51.319 --> 00:17:52.720 take down these scammers exactly. 366 00:17:52.799 --> 00:17:56.480 It's about empowering individuals to be part of the solution. Remember, 367 00:17:56.559 --> 00:18:00.160 knowledge is power. The more you understand about phishing, the 368 00:18:00.200 --> 00:18:03.000 better equip you'll be to avoid becoming a victim, and 369 00:18:03.079 --> 00:18:05.359 by sharing that knowledge with others, you're helping create a 370 00:18:05.359 --> 00:18:08.039 safer online environment for everyone. 371 00:18:08.079 --> 00:18:10.480 This deep dive has been a real wake up call, 372 00:18:10.599 --> 00:18:14.759 but also incredibly empowering. I feel like I've learned so 373 00:18:14.920 --> 00:18:17.160 much about the hidden world of phishing and the many 374 00:18:17.160 --> 00:18:18.640 ways we can protect ourselves. 375 00:18:19.160 --> 00:18:22.119 I'm glad to hear that it's all about staying vigilant, 376 00:18:23.000 --> 00:18:27.400 being curious, and never taking your online security for granted. Yeah, 377 00:18:27.440 --> 00:18:29.839 the Internet can be a wonderful place, but it's important 378 00:18:29.880 --> 00:18:32.000 to navigate it with awareness and caution. 379 00:18:32.279 --> 00:18:34.519 Well said, and on that note, I think we've reached 380 00:18:34.519 --> 00:18:37.319 the end of our deep dive to our listeners, thank 381 00:18:37.359 --> 00:18:39.119 you for joining us on this journey. We hope you've 382 00:18:39.240 --> 00:18:41.759 learned something new and feel more confident in your ability 383 00:18:41.799 --> 00:18:46.480 to spot and avoid phishing scams. Remember, stay informed, stay vigilant, 384 00:18:46.519 --> 00:18:47.799 and stay safe online