Phishing analysis



Objectives

  • Phishing

  • Internet Protocol (IP) addresses

  • Domain Name System (DNS) names

  • Analyse “From” addresses

  • Analyse URLs

  • Trace the e-mail


Phishing

  • E-mail utilizing social engineering

  • Induces the recipient to reveal desired personal information

    • Bank account

    • SSN

    • Address

    • Etc.

  • Sometimes entices the recipient to go to a malicious web site


    IP Addressing

    • Each interface on a network is assigned a 32-bit IP address

    • The address has a prefix and suffix

      • Network and host ID


    Finding Your IP Address

    • Examples

      • 3.5.1.193

      • 140.211.91.175

      • 192.168.0.1

    • Finding your own address

      • Open a Command window

      • Type ipconfig /all on Windows


    Opening a Command Prompt


    Your IP Address


    The Easy Way


    Who Owns an IP Address

    • Managed by the Internet Assigned Numbers Authority (IANA)

    • Users are assigned IP addresses by Internet Service Providers (ISPs)

    • ISPs obtain allocations of IP addresses from their appropriate Regional Internet Registry (RIR)


    Regional Internet Registries (RIR)

    • APNIC (Asia Pacific Network Information Centre)

    • AfriNIC (African Network Information Center)

    • ARIN (American Registry for Internet Numbers) – North America

    • LACNIC (Regional Latin-American and Caribbean IP Address Registry) – Latin America and parts of the Caribbean

    • RIPE NCC (Réseaux IP Européens) – Europe, parts of the Middle East and Asia


    Researching IP Addresses ARIN


    At Your Finger Tips


    Address Geographic Location


    URLs: Uniform Resource Locator

    • The name of a web site

    • http://www.geobytes.com/IpLocator.htm

    • First name – Top Level Domain

      .com  .biz

      .edu  .net

      .gov  .org

      .mil  etc.


    Family Tree

    • http://www.geobytes.com/IpLocator.htm

      • Second name is the organization’s name

      • Third name, www, is a particular web server of Geobytes

  • After the / is the directory and document to be displayed

    • IpLocator.htm

    • Default is index.html


    Domain Name System

    • Associates URL Names to IP addresses

    • Examples

      • www.sou.edu = 140.211.107.34

    • The Domain Name System (DNS) is a set of servers that together know all the names used on the Internet

    • More about this later…


    Email Schemes/Scams

    • Advertisers

    • Spammers

    • Scammers

    • Phishers

    • Spear Phishers


    E-mail Structure

    • To:

    • From:

    • Cc:

    • Bcc:

    • Subject

    • Body


    Basic Email Header


    Email Header Info

    • Header info can be faked

      • From

      • Reply to

      • Return-path

      • Subject

      • Date

    • Don't believe it!


    Long Headers: NOT EASY

    • Different for each e-mail client

    • Sometimes impossible

    • www.aeicomputertech.com/forensics_mail_header_info.php

    • http://www.abika.com/Reports/Samples/emailheaderguide.htm

    • For campus Groupwise

      • Open e-mail

      • Click on “Message Source”


    AOL

    • Open AOL

    • Open the e-mail that you wish to check by double-clicking it

    • Under the To: line, there should be a “Sent from the Internet (Details)” line

    • Single left click the word “Details” to open an Internet Information window

    • This should display the full e-mail header information


    Gmail

    • Log into the Gmail account

    • Open the e-mail message in question

    • To the right of the sender’s e-mail message will be a “show details” hyperlink and to the right of that is a “Reply” button (i.e., Reply is the default option, at least as of 10/15/2007). To the right of the word “Reply” is a pipe mark (i.e., |) and a down arrow. Single left-click the down arrow to display a small window of options.

    • Single left-click the word “show option”

    • The e-mail headers, in their entirety, will now be displayed in a new window


    Hotmail

    • Log into your Hotmail account

    • Single, right-click the e-mail you wish to inspect

    • Single, left-click the “View Source” option

    • The e-mail will now be displayed in its native HTML-based format with the e-mail header information at the very top.


    MS Outlook

    • Open Microsoft Outlook

    • Open the e-mail that you wish to check the mail header information by double-clicking it

    • Looking at the Office 2007 horizontal "ribbon" menu, move your cursor to the "Options" square

    • Underneath the three icons for Categorize, Followup, & Mark as Unread, there is the word "Options" and to the right of it is a small three-sided square with a diagonal arrow in it

    • Hovering over this miniature icon produces a popup with the wording "Message Options"

    • Single, left-click the miniature icon

    • A "Message Options" window will display

    • The selected e-mail header information will be at the bottom of the window to the left of "Internet headers:"


    Yahoo!

    • Login to the Yahoo! e-mail account in question

    • Single, left-click the "Options" hyperlink text from the top menu

    • Single, left-click the "General Preferences" hyperlink text

    • Scroll down to the Messages section of the page and place a dot in the second radio button option that reads "Show all headers on incoming messages"

    • Scroll down to the bottom of the page and single, left-click the "Save" button

    • Navigate to and open the e-mail message in question

    • The full e-mail header information will now be displayed


    Reading Long Header Info

    • Check path by looking at “received” list

    • Read it upside down (originator is at the bottom of the list)

    • Uses the passive voice, so can be confusing
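
Added example (not part of the original presentation): Python code that reads the Received list from the bottom up, as the slide above describes, and picks the first non-private address in the path as the one to research in whois. The message, host names and addresses are constructed sample data, and the names trace and first_public_ip are assumptions chosen for illustration.

```python
import email
import ipaddress
import re

# Constructed sample message (not from the presentation). Addresses come from
# reserved documentation ranges; host names use the reserved .example domain.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mailstore.recipient.example with ESMTP id A1; Mon, 15 Oct 2007 10:02:11 -0700
Received: from mail.bank.example (unknown [203.0.113.45])
\tby mx.recipient.example with SMTP id B2; Mon, 15 Oct 2007 10:02:09 -0700
Received: from pc (localhost [192.168.0.1])
\tby mail.bank.example with SMTP id C3; Mon, 15 Oct 2007 10:02:01 -0700
From: "Your Bank" <security@bank.example>
To: user@recipient.example
Subject: Verify your account

Please reply with your account number.
"""

# "from <claimed name> (<reverse DNS> [<connecting IP>]) by <receiving server>"
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def trace(raw):
    """Return hops oldest-first: the Received list read from the bottom up."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:  # skip Received lines that carry no bracketed address
            hops.append({"claimed": m.group(1), "ip": m.group(2), "by": m.group(3)})
    return hops

def first_public_ip(hops):
    """First address in the path that is not private or loopback."""
    for hop in hops:
        addr = ipaddress.ip_address(hop["ip"])
        if not any(addr in net for net in INTERNAL):
            return hop["ip"]
    return None

if __name__ == "__main__":
    for hop in trace(RAW):
        print(f'{hop["claimed"]} [{hop["ip"]}] -> {hop["by"]}')
    print("look up in whois:", first_public_ip(trace(RAW)))
```

The bracketed address on the line written by your own mail server is the part worth researching; the claimed name next to it, and any Received lines below it, are supplied by the sender.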


    Actual e-mail


    Long Header Example


    Real Spam


    Long Headers


    Real Owner of IP Address


    Real Spam


    Look for Real Link


    Checking whois for URL


    Another Example

    Just have to reply to the e-mail

    But where do you go?

    Not where you think.


    Where you think you are going.


    Another look at the e-mail


    ARIN Whois Result

    Go to Afrinic


    Check out Afrinic


    Phishing Again

    Probably should not reply to Nigeria and give them your bank account number


    Summary

    • IANA assigns IP addresses

    • Regional Registries assign addresses for regions

    • Start with ARIN when researching

      • ARIN will tell you where to go for non-American addresses

    • Turn on long headers in email

    • Don't fall for silly stuff in the body of the email

