Phishing analysis

Presentation Transcript


Phishing Analysis


Objectives

  • Phishing

  • Internet Protocol (IP) addresses

  • Domain Name System (DNS) names

  • Analyse “From” addresses

  • Analyse URLs

  • Trace the e-mail


Phishing

  • E-mail utilizing social engineering

  • Induces the recipient to reveal desired personal information

    • Bank account

    • SSN

    • Address

    • Etc.

  • Sometimes entices the recipient to go to a malicious web site


  • IP Addressing

    • Each interface on a network is assigned a 32-bit IP address

    • The address has a prefix and suffix

      • Network and host ID


    Finding Your IP Address

    • Examples

      • 3.5.1.193

      • 140.211.91.175

      • 192.168.0.1

    • Finding your own address

      • Open a Command window

      • Type ipconfig /all on Windows


    Opening a Command Prompt


    Your IP Address


    The Easy Way


    Who Owns an IP Address

    • Managed by the Internet Assigned Numbers Authority (IANA)

    • Users are assigned IP addresses by Internet Service Providers (ISPs)

    • ISPs obtain allocations of IP addresses from their appropriate Regional Internet Registry (RIR)


    Regional Internet Registries (RIR)

    • APNIC (Asia Pacific Network Information Centre)

    • AfriNIC (African Network Information Center)

    • ARIN (American Registry for Internet Numbers) – North America

    • LACNIC (Regional Latin-American and Caribbean IP Address Registry) – Latin America and parts of the Caribbean

    • RIPE NCC (Réseaux IP Européens) – Europe, parts of the Middle East and Asia


    Researching IP Addresses ARIN


    At Your Finger Tips


    Address Geographic Location


    URLs: Uniform Resource Locator

    • The name of a web site

    • http://www.geobytes.com/IpLocator.htm

    • First name – Top Level Domain

      .com, .edu, .gov, .mil, .biz, .net, .org, etc.


    Family Tree

    • http://www.geobytes.com/IpLocator.htm

      • Second name is the organization’s name

      • Third name www is particular web server of Geobytes

  • After the / is the directory and document to be displayed

    • IpLocator.htm

    • Default is index.html
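The URL breakdown above, applied to the later "Look for Real Link" check: does the address a link displays belong to the same organization as the address it really opens? This is an added example, not part of the original presentation; the HTML body, `bank.example` and the documentation IP address are constructed, and the "last two names" rule is the slides' simplified model (it does not handle suffixes such as `.co.uk`).

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def url_parts(url):
    """Read a URL right-to-left through the host name, as the slides do."""
    u = urlsplit(url if "//" in url else "http://" + url)
    labels = (u.hostname or "").split(".")
    return {
        "tld": labels[-1],                                   # first name
        "organization": labels[-2] if len(labels) > 1 else "",  # second name
        "server": ".".join(labels[:-2]),                     # third name, e.g. www
        "document": u.path.rsplit("/", 1)[-1] or "index.html",  # default per the slides
    }

class LinkAudit(HTMLParser):
    """Collect (visible text, real href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def deceptive_links(html):
    """Return links whose visible text looks like a URL for a different site."""
    audit = LinkAudit()
    audit.feed(html)
    flagged = []
    for text, href in audit.links:
        if "." not in text or " " in text:
            continue  # ordinary wording such as "Contact us" shows no address
        shown, real = url_parts(text), url_parts(href)
        if (shown["organization"], shown["tld"]) != (real["organization"], real["tld"]):
            flagged.append((text, href))
    return flagged

# Constructed message body for illustration.
BODY = """<a href="http://203.0.113.9/login/index.html">http://www.bank.example/login</a>
<a href="http://www.bank.example/help">www.bank.example/help</a>
<a href="http://www.bank.example/">Contact us</a>"""

if __name__ == "__main__":
    print(url_parts("http://www.geobytes.com/IpLocator.htm"))
    print(deceptive_links(BODY))
```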


  • Domain Name System

    • Associates URL Names to IP addresses

    • Examples

      • www.sou.edu = 140.211.107.34

    • The Domain Name System (DNS) is a set of servers that together know all the names used on the Internet

    • More about this later…


    Email Schemes/Scams

    • Advertisers

    • Spammers

    • Scammers

    • Phishers

    • Spear Phishers


    E-mail Structure

    • To:

    • From:

    • Cc:

    • Bcc:

    • Subject

    • Body


    Basic Email Header


    Email Header Info

    • Header info can be faked

      • From

      • Reply to

      • Return-path

      • Subject

      • Date

    • Don't believe it!


    Long Headers: NOT EASY

    • Different for each e-mail client

    • Sometimes impossible

    • www.aeicomputertech.com/forensics_mail_header_info.php

    • http://www.abika.com/Reports/Samples/emailheaderguide.htm

    • For campus Groupwise

      • Open e-mail

      • Click on “Message Source”


    AOL

    • Open AOL

    • Open the e-mail that you wish to check by double-clicking it

    • Under the To: line, there should be a “Sent from the Internet (Details)” line

    • Single left click the word “Details” to open an Internet Information window

    • This should display the full e-mail header information


    Gmail

    • Log into the Gmail account

    • Open the e-mail message in question

    • To the right of the sender’s e-mail message will be a “show details” hyperlink and to the right of that is a “Reply” button (i.e., Reply is the default option at least as of 10/15/2007). To the right of the word “Reply” is a pipe mark (i.e., |) and a down arrow. Single left-click the down arrow to display a small window of options.

    • Single left-click the word “show option”

    • The e-mail headers, in their entirety, will now be displayed in a new window


    Hotmail

    • Log into your Hotmail account

    • Single, right-click the e-mail you wish to inspect

    • Single, left-click the “View Source” option

    • The e-mail will now be displayed in its native HTML-based format with the e-mail header information at the very top.


    MS Outlook

    • Open Microsoft Outlook

    • Open the e-mail that you wish to check the mail header information by double-clicking it

    • Looking at the Office 2007 horizontal "ribbon" menu, move your cursor to the "Options" square

    • Underneath the three icons for Categorize, Followup, & Mark as Unread, there is the word "Options" and to the right of it is a small three-sided square with a diagonal arrow in it

    • Hovering over this miniature icon produces a popup with the wording "Message Options"

    • Single, left-click the miniature icon

    • A "Message Options" window will display

    • The selected e-mail header information will be at the bottom of the window to the left of "Internet headers:"


    Yahoo!

    • Login to the Yahoo! e-mail account in question

    • Single, left-click the "Options" hyperlink text from the top menu

    • Single, left-click the "General Preferences" hyperlink text

    • Scroll down to the Messages section of the page and place a dot in the second radio button option that reads "Show all headers on incoming messages"

    • Scroll down to the bottom of the page and single, left-click the "Save" button

    • Navigate to and open the e-mail message in question

    • The full e-mail header information will now be displayed


    Reading Long Header Info

    • Check path by looking at “received” list

    • Read it upside down (originator is at the bottom of the list)

    • Uses the passive voice, so can be confusing
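Reading the "received" list bottom-up can be done mechanically. The following is an added example, not part of the original presentation: the message, host names and addresses are constructed (documentation IP ranges, `.example` domains), and the regular expression assumes the common `from NAME (RDNS [IP]) by HOST` layout, which varies between mail servers.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample headers; the top Received line is the newest hop.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mailstore.recipient.example with ESMTP id A1; Mon, 15 Oct 2007 10:02:11 -0700
Received: from relay.isp.example (relay.isp.example [203.0.113.25])
\tby mx.recipient.example with ESMTP id B2; Mon, 15 Oct 2007 10:02:09 -0700
Received: from bank-secure (unknown [192.0.2.44])
\tby relay.isp.example with SMTP id C3; Mon, 15 Oct 2007 10:02:05 -0700
From: "Your Bank" <service@bank.example>
Return-Path: <bounce@mailer.invalid>
Subject: Verify your account

Please confirm your details.
"""

HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def received_hops(raw):
    """Return the relay hops oldest-first (bottom Received line first)."""
    msg = email.message_from_string(raw)
    hops = []
    for line in reversed(msg.get_all("Received", [])):
        m = HOP.search(line)
        if not m:
            continue  # unfamiliar layout: read that line by hand
        helo, rdns, ip, by = m.groups()
        # "helo" is what the sender claimed; "rdns"/"ip" were recorded by the receiver.
        hops.append({"helo": helo, "rdns": rdns, "ip": ip, "by": by,
                     "helo_mismatch": helo != rdns})
    return hops

def sender_domains(raw):
    """Domains of From and Return-Path; both are sender-supplied and can be faked."""
    msg = email.message_from_string(raw)
    return tuple(parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
                 for h in ("From", "Return-Path"))

if __name__ == "__main__":
    for n, hop in enumerate(received_hops(RAW), 1):
        print(n, hop["ip"], "->", hop["by"], "(name mismatch)" if hop["helo_mismatch"] else "")
    print("From / Return-Path domains:", sender_domains(RAW))
```

Only the Received lines written by servers you trust are reliable; anything below them was supplied by the sending side and can be forged like the other headers. The originating IP address found this way is the one to look up with the regional registry.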


    Actual e-mail


    Long Header Example


    Real Spam


    Long Headers


    Real Owner of IP Address


    Real Spam


    Look for Real Link


    Checking whois for URL


    Another Example

    Just have to reply to the e-mail

    But where do you go?

    Not where you think.


    Where you think you are going.


    Another look at the e-mail


    ARIN Whois Result

    Go to Afrinic


    Check out Afrinic


    Phishing Again

    Probably should not reply to Nigeria and give them your bank account number


    Summary

    • IANA assigns IP addresses

    • Regional Registries assign addresses for regions

    • Start with ARIN when researching

      • ARIN will tell you where to go for non-American addresses

    • Turn on long headers in email

    • Don't fall for silly stuff in the body of the email

