Back to Courses

PREVIOUS

NEXT

Jadon Montero breaks down increasingly sophisticated cyberattack methods, showing how attackers exploit visual deception, technical trickery, and psychological manipulation to compromise users.

🧩 Level 1 – Homograph Attacks (Visual Lookalikes)

Attackers use characters that look nearly identical (like "rn" instead of "m" or Cyrillic letters that resemble Latin ones) to trick users into clicking malicious links.
👉 It’s a simple yet effective trick because our eyes don’t always catch the subtle differences.

🧩 Level 2 – Unicode Manipulation

Attackers substitute letters with Unicode characters (e.g., Cyrillic “і” or “а”), which appear identical to familiar letters but are technically different.
👉 This bypasses detection tools and fools users into thinking URLs are legitimate.

🧩 Level 3 – Font-Based Deception

Even if you could spot the fake character in one font, a change in font can completely mask the difference. What looks like "google.com" may still contain fake letters but appears normal in certain typefaces.
👉 This makes visual inspection alone unreliable.

🧩 Level 4 – Adversary-in-the-Middle (AiTM) Attacks

With tools like Evil Proxy, attackers create fake login pages (e.g., for Microsoft). When you enter credentials:

  • They pass those to the real Microsoft site.

  • You get logged in like normal.

  • Meanwhile, the attacker captures your session token, giving them full access without needing your password again.
    👉 It’s seamless to the victim and highly dangerous.

🎭 Bonus – Deepfake Audio Scams

The speaker plays a fake voicemail from a familiar-sounding person (e.g., “Hey Lex… Love you, bye.”) using AI voice cloning. It sounds real but is part of a scam:

  • You trust the voice.

  • You act on a request (e.g., send money).

  • It was an attacker the whole time.
    👉 Subtle oddities like awkward pauses or unnatural phrasing may be the only clue.

🧠 Takeaway

Modern cyberattacks are:

  • Automated and scalable.

  • Visually and emotionally deceptive.

  • Designed to exploit trust and routine behaviors.

Small mistakes (clicking a link, trusting a voice) can lead to serious breaches or financial loss. The speaker emphasizes awareness and collective diligence as key defenses against this growing threat.

Cybersecurity: An (Un)necessary Evil with Jadon Montero, CEO of Murmur