Phishing Analysis


Objectives

  • Phishing

  • Internet Protocol (IP) addresses

  • Domain Name System (DNS) names

  • Analyse “From” addresses

  • Analyse URLs

  • Trace the e-mail


Phishing

  • E-mail utilizing social engineering

  • Induces the recipient to reveal desired personal information

    • Bank account

    • SSN

    • Address

    • Etc.

  • Sometimes entices the recipient to go to a malicious web site

  • IP Addressing

    • Each interface on a network is assigned a 32-bit IP address

    • The address has a prefix and suffix

      • Network and host ID

    Finding Your IP Address

    • Examples




    • Finding your own address

      • Open a Command window

      • Type ipconfig /all on Windows

    Opening a Command Prompt

    Your IP Address

    The Easy Way

    Who Owns an IP Address

    • Managed by the Internet Assigned Numbers Authority (IANA)

    • Users are assigned IP addresses by Internet Service Providers (ISPs)

    • ISPs obtain allocations of IP addresses from their appropriate Regional Internet Registry (RIR)

    Regional Internet Registries (RIR)

    • APNIC (Asia Pacific Network Information Centre)

    • AfriNIC (African Network Information Center)

    • ARIN (American Registry for Internet Numbers) – North America

    • LACNIC (Regional Latin-American and Caribbean IP Address Registry) – Latin America and parts of the Caribbean

    • RIPE NCC (Réseaux IP Européens) – Europe, parts of the Middle East and Asia

    Researching IP Addresses ARIN

    At Your Finger Tips

    Address Geographic Location

    URLs: Uniform Resource Locator

    • The name of a web site


    • First name – Top Level Domain


    Family Tree


      • Second name is the organization’s name

      • Third name, www, is a particular web server of Geobytes

  • After the / is the directory and document to be displayed

    • IpLocator.htm

    • Default is index.html
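
The URL anatomy above can be turned into a check for links whose visible text names one site while the underlying address points to another. This is an added example, not part of the original presentation; `split_url`, `LinkCollector`, `mismatched_links` and the sample body are hypothetical names and constructed data, and the "last two labels" rule is the slide's simple model (it does not handle suffixes such as co.uk).

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed e-mail body (not from the slides); hosts use reserved test names.
BODY = """
<p>Dear customer, confirm your details at
<a href="http://www.bank.example.accounts.test/verify/index.html">http://www.bank.example/</a>
or read our <a href="http://www.bank.example/help.html">help page</a>.</p>
"""

def split_url(url):
    """Break a URL into the parts named on the slide. Names are read from the
    right: last label is the top-level domain, the one before it the organization."""
    parts = urlsplit(url if "//" in url else "//" + url)
    labels = (parts.hostname or "").split(".")
    return {"host": parts.hostname, "tld": labels[-1],
            "organization": ".".join(labels[-2:]), "path": parts.path or "/"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(html):
    """Links whose visible text looks like a URL of a different organization than the href."""
    collector = LinkCollector()
    collector.feed(html)
    bad = []
    for href, text in collector.links:
        if "." in text and " " not in text:      # the text itself looks like a URL
            shown, real = split_url(text), split_url(href)
            if shown["organization"] != real["organization"]:
                bad.append((text, real["host"]))
    return bad
```

The first link is reported because its real host ends in `accounts.test`, even though it begins with the name shown to the reader.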

  • Domain Name System

    • Associates URL Names to IP addresses

    • Examples

      • =

    • The Domain Name System (DNS) is a set of servers that together know all the names used on the Internet

    • More about this later…

    Email Schemes/Scams

    • Advertisers

    • Spammers

    • Scammers

    • Phishers

    • Spear Phishers

    E-mail Structure

    • To:

    • From:

    • Cc:

    • Bcc:

    • Subject

    • Body

    Basic Email Header

    Email Header Info

    • Header info can be faked

      • From

      • Reply to

      • Return-path

      • Subject

      • Date

    • Don't believe it!

    Long Headers: NOT EASY

    • Different for each e-mail client

    • Sometimes impossible



    • For campus GroupWise

      • Open e-mail

      • Click on “Message Source”


    • Open AOL

    • Open the e-mail that you wish to check by double-clicking it

    • Under the To: line, there should be a “Sent from the Internet (Details)” line

    • Single left click the word “Details” to open an Internet Information window

    • This should display the full e-mail header information


    • Log into the Gmail account

    • Open the e-mail message in question

    • To the right of the sender’s e-mail message will be a “show details” hyperlink and to the right of that is a “Reply” button (i.e., Reply is the default option, at least as of 10/15/2007). To the right of the word “Reply” is a pipe mark (i.e., |) and a down arrow. Single left-click the down arrow to display a small window of options.

    • Single left-click the word “show option”

    • The e-mail headers, in their entirety, will now be displayed in a new window


    • Log into your Hotmail account

    • Single, right-click the e-mail you wish to inspect

    • Single, left-click the “View Source” option

    • The e-mail will now be displayed in its native HTML-based format with the e-mail header information at the very top.

    MS Outlook

    • Open Microsoft Outlook

    • Open the e-mail whose header information you wish to check by double-clicking it

    • Looking at the Office 2007 horizontal "ribbon" menu, move your cursor to the "Options" square

    • Underneath the three icons for Categorize, Followup, & Mark as Unread, there is the word "Options" and to the right of it is a small three-sided square with a diagonal arrow in it

    • Hovering over this miniature icon produces a popup with the wording "Message Options"

    • Single, left-click the miniature icon

    • A "Message Options" window will display

    • The selected e-mail header information will be at the bottom of the window to the left of "Internet headers:"


    • Login to the Yahoo! e-mail account in question

    • Single, left-click the "Options" hyperlink text from the top menu

    • Single, left-click the "General Preferences" hyperlink text

    • Scroll down to the Messages section of the page and place a dot in the second radio button option that reads "Show all headers on incoming messages"

    • Scroll down to the bottom of the page and single, left-click the "Save" button

    • Navigate to and open the e-mail message in question

    • The full e-mail header information will now be displayed

    Reading Long Header Info

    • Check path by looking at “received” list

    • Read it upside down (originator is at the bottom of the list)

    • Uses the passive voice, so can be confusing
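
The bottom-up reading of the Received list, together with a comparison of the sender headers listed earlier as fakeable, can be scripted. This is an added example, not part of the original presentation; the message, host names and addresses are constructed, and `trace_hops`, `first_routable_ip` and `sender_domains` are hypothetical helper names.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample (not from the slides); documentation IP ranges and example domains.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from relay.example.net (relay.example.net [198.51.100.25])
\tby mx.campus.example.edu with ESMTP id A1; Mon, 15 Oct 2007 10:02:07 -0500
Received: from smtp.example.org (unknown [203.0.113.77])
\tby relay.example.net with SMTP id B2; Mon, 15 Oct 2007 10:02:01 -0500
Received: from userpc (unknown [192.168.1.44])
\tby smtp.example.org with SMTP id C3; Mon, 15 Oct 2007 10:01:58 -0500
From: "Your Bank" <security@bank.example.com>
Reply-To: claims@freemail.example.org
Subject: Verify your account
"""
MSG = email.message_from_string(RAW)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def trace_hops(msg):
    """Return (claimed_name, ip) per Received line, originator first."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):  # read bottom-up
        flat = " ".join(value.split())                   # undo header folding
        name = re.match(r"from (\S+)", flat)
        ip = IP_RE.search(flat)
        hops.append((name.group(1) if name else None, ip.group(1) if ip else None))
    return hops

def first_routable_ip(hops):
    """Earliest hop address outside private/loopback space: the one to look up at a registry."""
    for _, ip in hops:
        try:
            addr = ipaddress.ip_address(ip or "")
        except ValueError:       # missing or malformed address, e.g. in a forged line
            continue
        if not any(addr in net for net in INTERNAL):
            return ip
    return None

def sender_domains(msg):
    """Domains claimed by the sender headers the slides list as fakeable."""
    return {h: parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower() or None
            for h in ("From", "Reply-To", "Return-Path")}
```

Only the Received lines added by mail servers you trust are reliable; lines below them can be forged like any other header, and matching sender domains prove nothing on their own.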

    Actual e-mail

    Long Header Example

    Real Spam

    Long Headers

    Real Owner of IP Address

    Real Spam

    Look for Real Link

    Checking whois



    Another Example

    Just have to reply to the e-mail

    But where do you go?

    Not where you think.

    Where you think you are going.

    Another look at the e-mail

    ARIN Whois Result

    Go to AfriNIC

    Check out AfriNIC

    Phishing Again

    Probably should not reply to Nigeria and give them your bank account number


    • IANA assigns IP addresses

    • Regional Registries assign addresses for regions

    • Start with ARIN when researching

      • ARIN will tell you where to go for non-American addresses

    • Turn on long headers in email

    • Don't fall for silly stuff in the body of the email
