We’re working to compile a number of complimentary resources to help you in your goal of gaining security consciousness. Please check back often, as we’ll continually be adding to these resources.
So just how easy is it to create a fake phishing website? Very simple. When our phishing study was discussed, we had thought about phishing as a local bank, but then decided we didn’t want FBI windbreakers showing up at our doorstep. 🙂 While we didn’t spend as much time crafting these pages to be pixel perfect, as we did our phishing site, they still look pretty legitimate for just a few hours of work:
If we were truly phishing, the fake site would be programmed to take you to the legitimate banking site after you supplied us with your login information (we did program the above pages to take you to the legitimate page when you click login). This would make you think the information was just entered incorrectly. You’d login again, to the legitimate site, and the login would be successful. This process allows the attacker to have access to your credentials, without raising any red flags.
Johnstown Chamber of Commerce – IT Security for Small Businesses Seminar
On May 11th, Brian Shrift and Dr. Kevin Slonka spoke to a number of small businesses regarding IT Security and ways small businesses can protect themselves online. Additionally, they released the results of their study, in which they phished their own clients, in an effort to improve their security awareness and training programs.