1 / 42

Phishing Analysis

Phishing Analysis. Ojectives. Phishing Internet Protocol (IP) addresses Domain Name System (DNS) names Analyse “From” addresses Analyse URL’s Trace the e-mail. Phishing. E-mail utilizing social engineering Induces the recipient to reveal desired personal information Bank account SSN

dori
Download Presentation

Phishing Analysis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Phishing Analysis

  2. Ojectives • Phishing • Internet Protocol (IP) addresses • Domain Name System (DNS) names • Analyse “From” addresses • Analyse URL’s • Trace the e-mail

  3. Phishing • E-mail utilizing social engineering • Induces the recipient to reveal desired personal information • Bank account • SSN • Address • Etc. • Sometimes entices the recipient to go to a malicious web site

  4. IP Addressing • Each interface on a network is assigned a 32-bit IP address • The address has a prefix and suffix • Network and host ID

  5. Finding Your IP Address • Examples • 3.5.1.193 • 140.211.91.175 • 192.168.0.1 • Finding your own address • Open a Command window • Type ipconfig/all on Windows

  6. Opening a Command Prompt

  7. Your IP Address

  8. The Easy Way

  9. Who Owns an IP Address • Managed by the Internet Assigned Numbers Authority (IANA) • Users are assigned IP addresses by Internet Service Providers (ISPs) • ISPs obtain allocations of IP addresses from their appropriate Regional Internet Registry (RIR)

  10. Regional Internet Registries (RIR) • APNIC (Asia Pacific Network Information Centre) • AfriNIC (African Network Information Center) • ARIN (American Registry for Internet Numbers)– North America • LACNIC (Regional Latin-American and Caribbean IP Address Registry) – Latin America and parts of the Caribbean • RIPE NCC (Réseaux IP Européens) – Europe, parts of the Middle East and Asia

  11. Researching IP Addresses ARIN

  12. At Your Finger Tips

  13. Address Geographic Location

  14. URL’sUniform Resource Locater • The name of a web site • http://www.geobytes.com/IpLocator.htm • First name – Top Level Domain .com .biz .edu .net .gov .org .mil .etc

  15. Family Tree • http://www.geobytes.com/IpLocator.htm • Second name is the organization’s name • Third name www is particular web server of Geobytes • After the / is the directory and document to be displayed • IpLocator.htm • Default is index.html

  16. Domain Name System • Associates URL Names to IP addresses • Examples • ww.sou.edu = 140.211.107.34 • The Domain Name System (DNS) is a set of servers that together know all the names used on the Internet • More about this later…

  17. Email Schemes/Scams • Advertisers • Spammers • Scammers • Phishers • Spear Phishers

  18. E-mail Structure • To: • From: • C: • BC: • Subject • Body

  19. Basic Email Header

  20. Email Header Info • Header info can be faked • From • Reply to • Return-path • Subject • Date • Don't believe it!

  21. Long HeadersNOT EASY • Different for each e-mail client • Sometimes impossible • www.aeicomputertech.com/forensics_mail_header_info.php • http://www.abika.com/Reports/Samples/emailheaderguide.htm • For campus Groupwise • Open e-mail • Click on “Message Source”

  22. AOL • Open AOL • Open the e-mail that you wish to check by double-clicking it • Under the To: line, there should be a “Sent from the Internet (Details)” line • Single left click the word “Details” to open an Internet Information window • This should display the full e-mail header information

  23. Gmail • Log into the Gmail account • Open the e-mail message in question • To the right of the sender’s e-mail message will be a “show details” hyperlink and to the right of that is a “Reply” button (I.e., Reply is the default option at least of 10/15/2007). To the right of the word “Reply” is a pipe mark (I.e. |) and a down arrow. Single left-click the down arrow to display a small window of options. • Single left-click the word “show option” • The e-mail headers, in their entirety, will now be displayed in a new window

  24. Hotmail • Log into your Hotmail account single left-click the “View Source” option. • Single, right-click the e-mail you wish to inspect • Single, ;eft-click the “View Source” option • The e-mail will now be displayed in its native HTML-based format with the e-mail header information at the very top.

  25. MS Outlook • Open Microsoft Outlook • Open the e-mail that you wish to check the mail header information by double-clicking it • Looking at the Office 2007 horizontal "ribbon" menu, move your cusor to the "Options" square • Underneath the three icons for Categorize, Followup, & Mark as Unread, there is the word "Options" and to the right of it is a small three-sided square with a diagonal arrow in it • Hovering over this miniature icon produces a popup with the wording "Message Options" • Single, left-click the miniature icon • A "Message Options" window will display • The selected e-mail header information will be at the bottom of the window to the left of "Internet headers:"

  26. Yahoo! • Login to the Yahoo! e-mail account in question • Single, left-click the "Options" hyperlink text from the top menu • Single, left-click the "General Preferences" hyperlink text • Scroll down to the Messages section of the page and place a dot in the second radio button option that reads "Show all headers on incoming messages" • Scroll down to the bottom of the page and single, left-click the "Save" button • Navigate to and open the e-mail message in question • The full e-mail header information will now be displaye

  27. Reading Long Header Info • Check path by looking at “received” list • Read it upside down (originator is at the bottom of the list) • Uses the passive voice, so can be confusing

  28. Actual e-mail

  29. Long Header Example

  30. Real Spam

  31. Long Headers

  32. RealOwnerof IP Address

  33. Real Spam

  34. Look for Real Link

  35. Checking whois For URL

  36. Another Example Just have to reply to the e-mail But where do you go? Not where you think.

  37. Where you think you are going.

  38. Another look at the e-mail

  39. ARIN Whois Result Go to Afrinic

  40. Check outAfrinic

  41. Phishing Again Probably should not reply to Nigeria and give them your bank account number

  42. Summary • IANA assigns IP addresses • Regional Registries assign addresses for regions • Start with ARIN when researching • ARIN will tell you where to go for non-American addresses • Turn on long headers in email • Don't fall for silly stuff in the body of the email

More Related