Email and web security

1,187 views

Published on

Published in: Technology
1 Comment
0 Likes
Statistics
Notes
  • free free download this latest version 100% working.
    download link- http://gg.gg/hqcf
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

No Downloads
Views
Total views
1,187
On SlideShare
0
From Embeds
0
Number of Embeds
146
Actions
Shares
0
Downloads
71
Comments
1
Likes
0
Embeds 0
No embeds

No notes for slide

Email and web security

  1. 1. EMAIL AND WEB SECURITY
  2. 2. The first e-mail message was sentin 1971 by an engineer named RayTomlinson.
  3. 3. WHAT IS EMAIL?• E-Mail  Electronic mail• A method of exchanging messages in digital form.• E-mail systems are based on a store-and-forwardmethod in which e-mail server accept, forwards,delivers and stores messages on behalf of users.Users only need to connect to the internet through acomputer for the duration of message submission orretrieval.
  4. 4. Email Service Providers
  5. 5. SECURITY FEATURES OF SOME EMAIL SERVICE PROVIDERS
  6. 6. FILTERS
  7. 7. MULTIPLE SIGN-IN With multiple sign-in, you can sign in to up to tenaccounts in the same web browser. If you sign outof any Google product from any of your accounts,you’ll be signed out of all your Google Accounts atonce. Security issue: - If one account is compromised there is a threat to all the accounts.
  8. 8. AUTHORISINGAPPLICATIONS & SITES Activating this feature allows  non-Google websites and applications to access your account and sync with your data Security issue: - Google doesn’t review or endorse any third-party websites, so make sure you trust the website and understand Googles privacy policy before approving
  9. 9. 2-STEP VERIFICATION It adds a layer of security to your Google Account by requiring access to your phone - as well as your username and password - when you sign in If someone steals or guesses your password, that person can’t sign in to your account because they don’t have your phone.
  10. 10. MAKE SURE YOU READ Terms of usage policy – outlines how you are supposed to use Google’s platform Mandatory to provide under Indian Cyber Law(Sec. 79) Privacy policy – outlines Information that Google collect and how they use itMandatory to provide under Indian Cyber Law (Sec.43A)
  11. 11. SIGN-IN SEALA sign-in seal is a secret message or photo that Yahoo!will display on this computer only.Look for it every time you sign in, to make sure youreon a genuine Yahoo! site.If the message, photo, or colors are different, you mayhave landed on a phishing site.
  12. 12. PHISHING - A PRACTICALCASE STUDY
  13. 13. WHAT IS PHISHING? Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card details etc) by masquerading as a trusted entity.
  14. 14. THE SITES www.noodlebank.com (i.e NOODLEBANK.com) www.nood1ebank.com (i.e NOOD1EBANK.com)
  15. 15. THE REAL SITE
  16. 16. THE SPOOFED EMAIL
  17. 17. THE SPOOFING The link appears aswww.noodlebank.com (i.e NOODLEBANK.com) But actually it links towww.nood1ebank.com (i.e NOOD1EBANK.com)
  18. 18. THE FAKE SITE
  19. 19. THE “STEAL”• When Debasis entered his username-password at the spoofed website, the username-password was sent across to the criminal carrying out the phishing attack.
  20. 20. MORE EXAMPLES…• In this case study, the user was enticed with a misleading URL. Such urls can be created easily using simple html code such as: <a href=http://www.nood1ebank.com> http://www.noodlebank.com</a>• This link displays the correct url but on clicking takes the user to the spoofed url.
  21. 21. USING A URL WITH AN IPADDRESShttp://www.NOODLEBANK.com@67.19.217.53 This url does not lead to noodlebank.com, it leads to the website on the IP address 67.19.217.53
  22. 22. USING A SPLIT DOMAIN NAMEhttp://www.NOODLEBANK.com.securitycheck.sec ure-login.nood1ebank.com/login.asp This url does not lead to noodlebank.com, it leads to the spoofed website.
  23. 23. USING AN OBFUSCATED URLhttp://www.NOODLEBANK.com%00@%36%37%2e %31%39%2e%32%31%37%2e%35%33 This url does not lead to noodlebank.com, it leads to the website on the IP address 67.19.217.53
  24. 24. HEX TO ASCII CONVERTERhttp://www.dolcevie.com/js/converter.html
  25. 25. TESTwww.phish-no-phish.com
  26. 26. SENDING FAKE EMAILS http://mailz.funmaza.co.uk/ http://deadfake.com/Send.aspx
  27. 27. UNDERSTANDING FAKE MAIL E-mail headers analysis – Email header is the information that travels with every email, containing details about the sender, route and receiver.
  28. 28. ANALYZING HEADERS To see the g-mail header click on the arrow button next to the “Reply” option  click on “show original”
  29. 29. Header of the mail sent by using “fakemailer Analyse Message ID
  30. 30. Email Bombing
  31. 31. Email Bombing
  32. 32. EMAIL FRAUDS Bogus offers  Vigra @ 80% discount price Requests for help  email promising treasure Lottery scams Confidence trick Get-rich-quick schemes Money mules
  33. 33. AVOIDING EMAIL FRAUD Keep ones email address as secret as possible Use a spam filter Notice the several spelling errors in the body of the "official looking" email Ignore unsolicited emails of all types, simply deleting them Don’t be greedy, since greed is often the element that allows one to be "hooked"
  34. 34. Email-sagar.rahurkar@iqspl.com Phone : 09623444448 No FB pings please…!

×