phishing analysis
Download
Skip this Video
Download Presentation
Phishing Analysis

Loading in 2 Seconds...

play fullscreen
1 / 42

Phishing Analysis - PowerPoint PPT Presentation


  • 77 Views
  • Uploaded on

Phishing Analysis. Ojectives. Phishing Internet Protocol (IP) addresses Domain Name System (DNS) names Analyse “From” addresses Analyse URL’s Trace the e-mail. Phishing. E-mail utilizing social engineering Induces the recipient to reveal desired personal information Bank account SSN

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Phishing Analysis' - dori


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
ojectives
Ojectives
  • Phishing
  • Internet Protocol (IP) addresses
  • Domain Name System (DNS) names
  • Analyse “From” addresses
  • Analyse URL’s
  • Trace the e-mail
phishing
Phishing
  • E-mail utilizing social engineering
  • Induces the recipient to reveal desired personal information
      • Bank account
      • SSN
      • Address
      • Etc.
  • Sometimes entices the recipient to go to a malicious web site
ip addressing
IP Addressing
  • Each interface on a network is assigned a 32-bit IP address
  • The address has a prefix and suffix
    • Network and host ID
finding your ip address
Finding Your IP Address
  • Examples
    • 3.5.1.193
    • 140.211.91.175
    • 192.168.0.1
  • Finding your own address
    • Open a Command window
    • Type ipconfig/all on Windows
who owns an ip address
Who Owns an IP Address
  • Managed by the Internet Assigned Numbers Authority (IANA)
  • Users are assigned IP addresses by Internet Service Providers (ISPs)
  • ISPs obtain allocations of IP addresses from their appropriate Regional Internet Registry (RIR)
slide10

Regional Internet Registries (RIR)

  • APNIC (Asia Pacific Network Information Centre)
  • AfriNIC (African Network Information Center)
  • ARIN (American Registry for Internet Numbers)– North America
  • LACNIC (Regional Latin-American and Caribbean IP Address Registry) – Latin America and parts of the Caribbean
  • RIPE NCC (Réseaux IP Européens) – Europe, parts of the Middle East and Asia
url s uniform resource locater
URL’sUniform Resource Locater
  • The name of a web site
  • http://www.geobytes.com/IpLocator.htm
  • First name – Top Level Domain

.com .biz

.edu .net

.gov .org

.mil .etc

family tree
Family Tree
  • http://www.geobytes.com/IpLocator.htm
      • Second name is the organization’s name
      • Third name www is particular web server of Geobytes
  • After the / is the directory and document to be displayed
      • IpLocator.htm
      • Default is index.html
slide16

Domain Name System

  • Associates URL Names to IP addresses
  • Examples
    • ww.sou.edu = 140.211.107.34
  • The Domain Name System (DNS) is a set of servers that together know all the names used on the Internet
  • More about this later…
slide17

Email Schemes/Scams

  • Advertisers
  • Spammers
  • Scammers
  • Phishers
  • Spear Phishers
e mail structure
E-mail Structure
  • To:
  • From:
  • C:
  • BC:
  • Subject
  • Body
slide20

Email Header Info

  • Header info can be faked
    • From
    • Reply to
    • Return-path
    • Subject
    • Date
  • Don\'t believe it!
long headers not easy
Long HeadersNOT EASY
  • Different for each e-mail client
  • Sometimes impossible
  • www.aeicomputertech.com/forensics_mail_header_info.php
  • http://www.abika.com/Reports/Samples/emailheaderguide.htm
  • For campus Groupwise
      • Open e-mail
      • Click on “Message Source”
slide22
AOL
  • Open AOL
  • Open the e-mail that you wish to check by double-clicking it
  • Under the To: line, there should be a “Sent from the Internet (Details)” line
  • Single left click the word “Details” to open an Internet Information window
  • This should display the full e-mail header information
gmail
Gmail
  • Log into the Gmail account
  • Open the e-mail message in question
  • To the right of the sender’s e-mail message will be a “show details” hyperlink and to the right of that is a “Reply” button (I.e., Reply is the default option at least of 10/15/2007). To the right of the word “Reply” is a pipe mark (I.e. |) and a down arrow. Single left-click the down arrow to display a small window of options.
  • Single left-click the word “show option”
  • The e-mail headers, in their entirety, will now be displayed in a new window
hotmail
Hotmail
  • Log into your Hotmail account single left-click the “View Source” option.
  • Single, right-click the e-mail you wish to inspect
  • Single, ;eft-click the “View Source” option
  • The e-mail will now be displayed in its native HTML-based format with the e-mail header information at the very top.
ms outlook
MS Outlook
  • Open Microsoft Outlook
  • Open the e-mail that you wish to check the mail header information by double-clicking it
  • Looking at the Office 2007 horizontal "ribbon" menu, move your cusor to the "Options" square
  • Underneath the three icons for Categorize, Followup, & Mark as Unread, there is the word "Options" and to the right of it is a small three-sided square with a diagonal arrow in it
  • Hovering over this miniature icon produces a popup with the wording "Message Options"
  • Single, left-click the miniature icon
  • A "Message Options" window will display
  • The selected e-mail header information will be at the bottom of the window to the left of "Internet headers:"
yahoo
Yahoo!
  • Login to the Yahoo! e-mail account in question
  • Single, left-click the "Options" hyperlink text from the top menu
  • Single, left-click the "General Preferences" hyperlink text
  • Scroll down to the Messages section of the page and place a dot in the second radio button option that reads "Show all headers on incoming messages"
  • Scroll down to the bottom of the page and single, left-click the "Save" button
  • Navigate to and open the e-mail message in question
  • The full e-mail header information will now be displaye
slide27

Reading Long Header Info

  • Check path by looking at “received” list
  • Read it upside down (originator is at the bottom of the list)
  • Uses the passive voice, so can be confusing
another example
Another Example

Just have to

reply to the e-mail

But where do you go?

Not where you think.

slide39

ARIN Whois Result

Go to Afrinic

slide41

Phishing Again

Probably should

not reply to Nigeria

and give them your

bank account number

slide42

Summary

  • IANA assigns IP addresses
  • Regional Registries assign addresses for regions
  • Start with ARIN when researching
    • ARIN will tell you where to go for non-American addresses
  • Turn on long headers in email
  • Don\'t fall for silly stuff in the body of the email
ad