More Related Content
Similar to 8.1.Phishing Analysis.ppt
Similar to 8.1.Phishing Analysis.ppt (20)
Recently uploaded
Recently uploaded (20)
8.1.Phishing Analysis.ppt
- 2. Ojectives • Phishing • Internet Protocol (IP) addresses • Domain Name System (DNS) names • Analyse “From” addresses • Analyse URL’s • Trace the e-mail
- 3. Phishing • E-mail utilizing social engineering • Induces the recipient to reveal desired personal information • Bank account • SSN • Address • Etc. • Sometimes entices the recipient to go to a malicious web site
- 4. IP Addressing • Each interface on a network is assigned a 32-bit IP address • The address has a prefix and suffix ● Network and host ID
- 5. Finding Your IP Address • Examples – 3.5.1.193 – 140.211.91.175 – 192.168.0.1 • Finding your own address – Open a Command window – Type ipconfig/all on Windows
- 8. The Easy Way
- 9. Who Owns an IP Address • Managed by the Internet Assigned Numbers Authority (IANA) • Users are assigned IP addresses by Internet Service Providers (ISPs) • ISPs obtain allocations of IP addresses from their appropriate Regional Internet Registry (RIR)
- 10. Regional Internet Registries (RIR) • APNIC (Asia Pacific Network Information Centre) • AfriNIC (African Network Information Center) • ARIN (American Registry for Internet Numbers) – North America • LACNIC (Regional Latin-American and Caribbean IP Address Registry) – Latin America and parts of the Caribbean • RIPE NCC (Réseaux IP Européens) – Europe, parts of the Middle East and Asia
- 14. URL’s Uniform Resource Locater • The name of a web site • http://www.geobytes.com/IpLocator.htm • First name – Top Level Domain .com .biz .edu .net .gov .org .mil .etc
- 15. Family Tree • http://www.geobytes.com/IpLocator.htm • Second name is the organization’s name • Third name www is particular web server of Geobytes • After the / is the directory and document to be displayed • IpLocator.htm • Default is index.html
- 16. Domain Name System • Associates URL Names to IP addresses • Examples – ww.sou.edu = 140.211.107.34 • The Domain Name System (DNS) is a set of servers that together know all the names used on the Internet • More about this later…
- 17. Email Schemes/Scams • Advertisers • Spammers • Scammers • Phishers • Spear Phishers
- 18. E-mail Structure • To: • From: • C: • BC: • Subject • Body
- 20. Email Header Info • Header info can be faked – From – Reply to – Return-path – Subject – Date • Don't believe it!
- 21. Long Headers NOT EASY • Different for each e-mail client • Sometimes impossible • www.aeicomputertech.com/forensics_mail_header_info.php • http://www.abika.com/Reports/Samples/emailheaderguide.htm • For campus Groupwise • Open e-mail • Click on “Message Source”
- 22. AOL 1. Open AOL 2. Open the e-mail that you wish to check by double-clicking it 3. Under the To: line, there should be a “Sent from the Internet (Details)” line 4. Single left click the word “Details” to open an Internet Information window 5. This should display the full e-mail header information
- 23. Gmail 1. Log into the Gmail account 2. Open the e-mail message in question 3. To the right of the sender’s e-mail message will be a “show details” hyperlink and to the right of that is a “Reply” button (I.e., Reply is the default option at least of 10/15/2007). To the right of the word “Reply” is a pipe mark (I.e. |) and a down arrow. Single left-click the down arrow to display a small window of options. 4. Single left-click the word “show option” 5. The e-mail headers, in their entirety, will now be displayed in a new window
- 24. Hotmail 1. Log into your Hotmail account single left-click the “View Source” option. 2. Single, right-click the e-mail you wish to inspect 3. Single, ;eft-click the “View Source” option 4. The e-mail will now be displayed in its native HTML-based format with the e-mail header information at the very top.
- 25. MS Outlook • Open Microsoft Outlook • Open the e-mail that you wish to check the mail header information by double-clicking it • Looking at the Office 2007 horizontal "ribbon" menu, move your cusor to the "Options" square • Underneath the three icons for Categorize, Followup, & Mark as Unread, there is the word "Options" and to the right of it is a small three-sided square with a diagonal arrow in it • Hovering over this miniature icon produces a popup with the wording "Message Options" • Single, left-click the miniature icon • A "Message Options" window will display • The selected e-mail header information will be at the bottom of the window to the left of "Internet headers:"
- 26. Yahoo! • Login to the Yahoo! e-mail account in question • Single, left-click the "Options" hyperlink text from the top menu • Single, left-click the "General Preferences" hyperlink text • Scroll down to the Messages section of the page and place a dot in the second radio button option that reads "Show all headers on incoming messages" • Scroll down to the bottom of the page and single, left-click the "Save" button • Navigate to and open the e-mail message in question • The full e-mail header information will now be displaye
- 27. Reading Long Header Info • Check path by looking at “received” list • Read it upside down (originator is at the bottom of the list) • Uses the passive voice, so can be confusing
- 28. Actual e-mail
- 30. Real Spam
- 31. Long Headers
- 33. Real Spam
- 34. Look for Real Link
- 36. Another Example Just have to reply to the e-mail But where do you go? Not where you think.
- 37. Where you think you are going.
- 38. Another look at the e-mail
- 39. ARIN Whois Result Go to Afrinic
- 41. Phishing Again Probably should not reply to Nigeria and give them your bank account number
- 42. Summary • IANA assigns IP addresses • Regional Registries assign addresses for regions • Start with ARIN when researching – ARIN will tell you where to go for non- American addresses • Turn on long headers in email • Don't fall for silly stuff in the body of the email