|COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring.|
Phishing tips and techniques: tackle, rigging, and how and when to phish
If you have a question about this talk, please contact Saar Drimer.
Note unusual time of talk in addition to our regularly scheduled one
Despite the crypto wars having mostly ended some years ago, we don’t seem to be any better off now that good crypto is widely available. The reason for this is that attackers are exploiting the weakest link in the interface and doing an end-run around the crypto. This talk looks at the technical and psychological backgrounds behind why phishing works, and how this can be exploited to make phishing attacks more effective. To date, apart from the occasional use of psychology grads by 419 scammers, no-one has really looked at the wetware mechanisms that make phishing successful. Security technology doesn’t help here, with poorly-designed user interfaces playing right into the phishers hands.
After covering the psychological nuts and bolts of how users think and make decisions, the talk goes into specific examples of user behaviour clashing with security user interface design, and how this could be exploited by attackers to bypass security speedbumps that might be triggered by phishing attacks. Depending on your point of view, this is either a somewhat hair-raising cookbook for more effective phishing techniques, or a warning about how these types of attacks work and what needs to be defended against.
Peter Gutmann’s webpage: http://www.cs.auckland.ac.nz/~pgut001/
This talk is part of the Computer Laboratory Security Seminar series.
This talk is included in these lists:
Note that ex-directory lists are not shown.
Other listsSt Catharine's College Amalgamated Societies Lecture Series Odd perfect numbers Psych
Other talksThe 2015 Sleep Summit Spectacular Chemistry Demonstration Lecture Research Showcase - Centre for Risk Studies The threat of pandemics Connecting Biology to Mathematics by way of Symbolic Computing The 2015 Annual Risk Summit