1
00:00:00,000 --> 00:00:00,930
In this lesson,

2
00:00:00,930 --> 00:00:02,550
I'm going to show you how easy it is

3
00:00:02,550 --> 00:00:04,650
to conduct your own phishing campaign,

4
00:00:04,650 --> 00:00:05,939
so you can test your users

5
00:00:05,939 --> 00:00:08,010
and see if they know the correct practices

6
00:00:08,010 --> 00:00:10,140
and how to avoid a phishing scam.

7
00:00:10,140 --> 00:00:11,550
Now, in this campaign,

8
00:00:11,550 --> 00:00:13,800
what we're going to do is create our own email,

9
00:00:13,800 --> 00:00:15,240
we're going to send it out to our users

10
00:00:15,240 --> 00:00:16,830
inside our organization,

11
00:00:16,830 --> 00:00:18,660
see if they click on any of those links,

12
00:00:18,660 --> 00:00:19,680
and if they do,

13
00:00:19,680 --> 00:00:21,840
we're going to provide them remedial training.

14
00:00:21,840 --> 00:00:22,740
To do all of this,

15
00:00:22,740 --> 00:00:24,450
it's not complicated at all.

16
00:00:24,450 --> 00:00:26,580
In fact, you can use a free program

17
00:00:26,580 --> 00:00:29,220
that's provided by Trend Micro to do this for you.

18
00:00:29,220 --> 00:00:31,650
This program is called Phish Insight.

19
00:00:31,650 --> 00:00:34,200
To access Phish Insight, you simply need to go

20
00:00:34,200 --> 00:00:37,350
to phishinsight.trendmicro.com.

21
00:00:37,350 --> 00:00:38,970
If you've never used it before, you'll have

22
00:00:38,970 --> 00:00:40,800
to sign up and create an account.

23
00:00:40,800 --> 00:00:43,650
Again, this is a wonderful free tool.

24
00:00:43,650 --> 00:00:45,690
Next, you'll log into your account.

25
00:00:45,690 --> 00:00:48,300
So if we want to create a campaign for ourselves,

26
00:00:48,300 --> 00:00:51,270
we're just going to click on create a campaign.

27
00:00:51,270 --> 00:00:53,160
Now I'm going to make a very small campaign here

28
00:00:53,160 --> 00:00:55,920
of just one target, so I'm just going to key in the recipient

29
00:00:55,920 --> 00:00:58,290
of who I want to send this message to.

30
00:00:58,290 --> 00:01:01,230
And the person I'm going to send it to is Jason.

31
00:01:01,230 --> 00:01:03,210
So I'm just going to call my list name Jason.

32
00:01:03,210 --> 00:01:08,210
And I'm going to put Jason comma Dion, jason@diontraining.com

33
00:01:08,340 --> 00:01:13,230
and his title, which is Instructor, and that should be fine.

34
00:01:13,230 --> 00:01:14,610
And then we'll hit continue.

35
00:01:14,610 --> 00:01:16,470
And you'll see that I now have first name Jason,

36
00:01:16,470 --> 00:01:18,540
last name Dion, department as instructor,

37
00:01:18,540 --> 00:01:19,800
and his email address.

38
00:01:19,800 --> 00:01:21,210
Go ahead and hit done.

39
00:01:21,210 --> 00:01:22,800
Next, I'll go down to step two,

40
00:01:22,800 --> 00:01:24,690
which is selecting a template.

41
00:01:24,690 --> 00:01:26,310
What I'm going to do is I'm going to select one

42
00:01:26,310 --> 00:01:28,410
that looks like a LinkedIn connection request,

43
00:01:28,410 --> 00:01:30,180
'cause we get those all day long

44
00:01:30,180 --> 00:01:32,220
and most of us don't think twice

45
00:01:32,220 --> 00:01:33,480
about clicking on them.

46
00:01:33,480 --> 00:01:34,770
So if I just click on that,

47
00:01:34,770 --> 00:01:36,360
this is the email they're going to get.

48
00:01:36,360 --> 00:01:38,460
It's going to say, Jason, please add me

49
00:01:38,460 --> 00:01:40,110
to your LinkedIn network.

50
00:01:40,110 --> 00:01:42,150
And all these places would add in Jason Dion.

51
00:01:42,150 --> 00:01:45,360
Hi Jason Dion, I'd like to join your LinkedIn network.

52
00:01:45,360 --> 00:01:47,070
And there's the accept or the view profile,

53
00:01:47,070 --> 00:01:49,560
the subscribe, all that kind of good stuff.

54
00:01:49,560 --> 00:01:52,260
And this looks like a very realistic email

55
00:01:52,260 --> 00:01:53,580
and it's already done for us.

56
00:01:53,580 --> 00:01:55,560
If we wanted to, we could customize it

57
00:01:55,560 --> 00:01:57,210
to make it look less like LinkedIn

58
00:01:57,210 --> 00:01:58,710
or more like something else.

59
00:01:58,710 --> 00:02:01,110
But for now we're going to use this default.

60
00:02:01,110 --> 00:02:02,400
Next, we're going to go through

61
00:02:02,400 --> 00:02:05,640
and specify what the email address is going to come from.

62
00:02:05,640 --> 00:02:09,479
In my case, it's going to come from invitations@linkedin.com.

63
00:02:09,479 --> 00:02:12,150
Notice the email is not actually spelled out LinkedIn,

64
00:02:12,150 --> 00:02:13,410
they're missing a D.

65
00:02:13,410 --> 00:02:15,660
This is something that our users should see

66
00:02:15,660 --> 00:02:18,630
and hopefully flag it as a phishing scam

67
00:02:18,630 --> 00:02:20,040
as opposed to a real one.

68
00:02:20,040 --> 00:02:22,620
And notice that invitations is also spelled wrong.

69
00:02:22,620 --> 00:02:25,830
But if you wanted to make this look very, very realistic,

70
00:02:25,830 --> 00:02:28,350
you could actually put the exact correct

71
00:02:28,350 --> 00:02:32,760
invitations@linkedin.com and spell it all correctly.

72
00:02:32,760 --> 00:02:34,590
Next, you can set up a schedule

73
00:02:34,590 --> 00:02:37,800
and run your campaign over several weeks or over one week

74
00:02:37,800 --> 00:02:39,390
or two weeks or even a month.

75
00:02:39,390 --> 00:02:41,520
And this is good if you have a large organization

76
00:02:41,520 --> 00:02:42,720
where you're doing this with hundreds

77
00:02:42,720 --> 00:02:44,250
or thousands of employees,

78
00:02:44,250 --> 00:02:46,290
you want to see if they learn over time.

79
00:02:46,290 --> 00:02:49,140
And so by doing that, you can set up a schedule.

80
00:02:49,140 --> 00:02:50,850
You can also then decide

81
00:02:50,850 --> 00:02:53,340
what happens if they click on one of the links.

82
00:02:53,340 --> 00:02:55,590
So I can have, when the campaign ends,

83
00:02:55,590 --> 00:02:57,270
they will get training and be told, yes,

84
00:02:57,270 --> 00:02:58,560
you clicked on a link and you shouldn't have,

85
00:02:58,560 --> 00:02:59,760
or no you didn't.

86
00:02:59,760 --> 00:03:00,960
Or you can do it immediately.

87
00:03:00,960 --> 00:03:02,730
When they click on a link and they're phished,

88
00:03:02,730 --> 00:03:04,830
they might get something that looks like this.

89
00:03:04,830 --> 00:03:06,420
This is a webpage that would come up

90
00:03:06,420 --> 00:03:08,340
and say, "Hey, you've been phished.

91
00:03:08,340 --> 00:03:09,810
You need some remedial training.

92
00:03:09,810 --> 00:03:11,820
Click here and you'll get the training."

93
00:03:11,820 --> 00:03:15,573
Something of that nature. So that's the way you can do that.

94
00:03:16,440 --> 00:03:19,140
And if we go back up here to our invitation setting

95
00:03:19,140 --> 00:03:21,390
or schedule, where you can do it without notice,

96
00:03:21,390 --> 00:03:23,430
so I'm going to leave it with When Phished.

97
00:03:23,430 --> 00:03:25,380
And then you can send yourself a text message

98
00:03:25,380 --> 00:03:27,273
or confirm to start the campaign.

99
00:03:30,300 --> 00:03:32,910
So now you'll see that that campaign is upcoming

100
00:03:32,910 --> 00:03:35,970
and it will start in about an hour from now.

101
00:03:35,970 --> 00:03:38,790
Once that happens, we'll be able to see who gets fooled,

102
00:03:38,790 --> 00:03:41,640
analyze those results and give those people training.

103
00:03:41,640 --> 00:03:44,460
So let's look at an example phishing email.

104
00:03:44,460 --> 00:03:47,880
I just sent one out that showed it was coming from LinkedIn.

105
00:03:47,880 --> 00:03:50,280
Now this is what the user is going to see.

106
00:03:50,280 --> 00:03:53,550
From all looks, it looks like a legitimate email.

107
00:03:53,550 --> 00:03:55,897
If I look at the subject line, it says,

108
00:03:55,897 --> 00:03:58,110
"Jason, please add me to your LinkedIn network."

109
00:03:58,110 --> 00:04:01,020
If I look at who it came from, it came from Invitations.

110
00:04:01,020 --> 00:04:03,450
And if I look at the message, it's got the LinkedIn logo,

111
00:04:03,450 --> 00:04:06,240
it's got things that look just like a LinkedIn message,

112
00:04:06,240 --> 00:04:07,500
but it's not.

113
00:04:07,500 --> 00:04:08,820
If I click on any of these links,

114
00:04:08,820 --> 00:04:10,590
it's not going to take me to LinkedIn.

115
00:04:10,590 --> 00:04:12,960
Instead it's going to take me to a phishing website.

116
00:04:12,960 --> 00:04:16,230
And as you see, as I hover over it, notice what the link is,

117
00:04:16,230 --> 00:04:19,769
it's not linkedin.com, it's websitefun.club.

118
00:04:19,769 --> 00:04:21,750
If I go over here to the profile one, same thing.

119
00:04:21,750 --> 00:04:23,880
It brings me to another area of that website.

120
00:04:23,880 --> 00:04:26,430
Changing the frequency, same thing.

121
00:04:26,430 --> 00:04:28,650
This is a classic phishing scam

122
00:04:28,650 --> 00:04:29,880
where it looks like one thing,

123
00:04:29,880 --> 00:04:32,070
but when you click on it, it goes to another.

124
00:04:32,070 --> 00:04:34,110
Notice, this email is well crafted.

125
00:04:34,110 --> 00:04:36,750
It's crafted to look exactly like LinkedIn,

126
00:04:36,750 --> 00:04:39,060
and it will trick a lot of your users.

127
00:04:39,060 --> 00:04:40,350
So one of the things we want to do

128
00:04:40,350 --> 00:04:42,960
with our phishing campaigns is to train our users

129
00:04:42,960 --> 00:04:44,880
that clicking links is bad.

130
00:04:44,880 --> 00:04:48,780
Instead, if I got this as a user, what should I do?

131
00:04:48,780 --> 00:04:50,430
I should open up a new web browser

132
00:04:50,430 --> 00:04:53,400
and I should go to linkedin.com, the site I know.

133
00:04:53,400 --> 00:04:56,700
And from there I can accept or reject that friend request.

134
00:04:56,700 --> 00:04:57,870
But just getting an email,

135
00:04:57,870 --> 00:04:59,250
you don't want to click on those links

136
00:04:59,250 --> 00:05:02,400
because that is an easy way to get yourself into trouble

137
00:05:02,400 --> 00:05:04,200
because it can download malware

138
00:05:04,200 --> 00:05:06,450
or it might just collect information from you.

139
00:05:06,450 --> 00:05:08,400
Like you click on it, it says, we need your username

140
00:05:08,400 --> 00:05:10,140
and password to log into LinkedIn.

141
00:05:10,140 --> 00:05:11,340
And they have a website sitting there

142
00:05:11,340 --> 00:05:12,933
that looks just like LinkedIn.