Phishing Analysis - PowerPoint PPT Presentation

Slides: 43
Provided by: LynnA155
Learn more at: http://webpages.sou.edu
Transcript and Presenter's Notes

1
Phishing Analysis
2
Objectives
  • Phishing
  • Internet Protocol (IP) addresses
  • Domain Name System (DNS) names
  • Analyse From addresses
  • Analyse URLs
  • Trace the e-mail

3
Phishing
  • E-mail utilizing social engineering
  • Induces the recipient to reveal desired personal
    information
      • Bank account
      • SSN
      • Address
      • Etc.
  • Sometimes entices the recipient to go to a
    malicious web site

4
IP Addressing
  • Each interface on a network is assigned a 32-bit
    IP address
  • The address has a prefix and suffix
      • Network and host ID

5
Finding Your IP Address
  • Examples
      • 3.5.1.193
      • 140.211.91.175
      • 192.168.0.1
  • Finding your own address
      • Open a Command window
      • Type ipconfig /all on Windows

6
Opening a Command Prompt
7
Your IP Address
8
The Easy Way
9
Who Owns an IP Address
  • Managed by the Internet Assigned Numbers
    Authority (IANA)
  • Users are assigned IP addresses by Internet
    Service Providers (ISPs)
  • ISPs obtain allocations of IP addresses from
    their appropriate Regional Internet Registry
    (RIR)

10
Regional Internet Registries (RIR)
  • APNIC (Asia Pacific Network Information Centre)
  • AfriNIC (African Network Information Center)
  • ARIN (American Registry for Internet Numbers):
    North America
  • LACNIC (Regional Latin-American and Caribbean IP
    Address Registry): Latin America and parts of
    the Caribbean
  • RIPE NCC (Réseaux IP Européens): Europe, parts
    of the Middle East and Asia

11
Researching IP Addresses ARIN
12
At Your Finger Tips
13
Address Geographic Location
14
URLs: Uniform Resource Locator
  • The name of a web site
  • http://www.geobytes.com/IpLocator.htm
  • First name: Top Level Domain
      • .com .biz
      • .edu .net
      • .gov .org
      • .mil etc.

15
Family Tree
  • http://www.geobytes.com/IpLocator.htm
  • Second name is the organization's name
  • Third name, www, is a particular web server of
    Geobytes
  • After the / is the directory and document to be
    displayed
      • IpLocator.htm
      • Default is index.html

16
Domain Name System
  • Associates URL Names to IP addresses
  • Examples
  • www.sou.edu 140.211.107.34
  • The Domain Name System (DNS) is a set of servers
    that together know all the names used on the
    Internet
  • More about this later

17
Email Schemes/Scams
  • Advertisers
  • Spammers
  • Scammers
  • Phishers
  • Spear Phishers

18
E-mail Structure
  • To
  • From
  • Cc
  • Bcc
  • Subject
  • Body

19
Basic Email Header
20
Email Header Info
  • Header info can be faked
  • From
  • Reply to
  • Return-path
  • Subject
  • Date
  • Don't believe it!

21
Long Headers: NOT EASY
  • Different for each e-mail client
  • Sometimes impossible
  • www.aeicomputertech.com/forensics_mail_header_info.php
  • http://www.abika.com/Reports/Samples/emailheaderguide.htm
  • For campus GroupWise
      • Open e-mail
      • Click on Message Source

22
AOL
  1. Open AOL
  2. Open the e-mail that you wish to check by
    double-clicking it
  3. Under the To line, there should be a Sent from
    the Internet (Details) line
  4. Single left click the word Details to open an
    Internet Information window
  5. This should display the full e-mail header
    information

23
Gmail
  1. Log into the Gmail account
  2. Open the e-mail message in question
  3. To the right of the sender's e-mail message will
    be a show details hyperlink and to the right of
    that is a Reply button (i.e., Reply is the
    default option, at least as of 10/15/2007). To the
    right of the word Reply is a pipe mark (i.e., |)
    and a down arrow. Single left-click the down
    arrow to display a small window of options.
  4. Single left-click the word show option
  5. The e-mail headers, in their entirety, will now
    be displayed in a new window

24
Hotmail
  1. Log into your Hotmail account single left-click
    the View Source option.
  2. Single, right-click the e-mail you wish to
    inspect
  3. Single, left-click the View Source option
  4. The e-mail will now be displayed in its native
    HTML-based format with the e-mail header
    information at the very top.

25
MS Outlook
  • Open Microsoft Outlook
  • Open the e-mail that you wish to check the mail
    header information by double-clicking it
  • Looking at the Office 2007 horizontal "ribbon"
    menu, move your cursor to the "Options" square
  • Underneath the three icons for Categorize,
    Followup, Mark as Unread, there is the word
    "Options" and to the right of it is a small
    three-sided square with a diagonal arrow in it
  • Hovering over this miniature icon produces a
    popup with the wording "Message Options"
  • Single, left-click the miniature icon
  • A "Message Options" window will display
  • The selected e-mail header information will be at
    the bottom of the window to the left of "Internet
    headers"

26
Yahoo!
  • Login to the Yahoo! e-mail account in question
  • Single, left-click the "Options" hyperlink text
    from the top menu
  • Single, left-click the "General Preferences"
    hyperlink text
  • Scroll down to the Messages section of the page
    and place a dot in the second radio button option
    that reads "Show all headers on incoming
    messages"
  • Scroll down to the bottom of the page and single,
    left-click the "Save" button
  • Navigate to and open the e-mail message in
    question
  • The full e-mail header information will now be
    displayed

27
Reading Long Header Info
  • Check path by looking at received list
  • Read it upside down (originator is at the bottom
    of the list)
  • Uses the passive voice, so can be confusing
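
Added example (not part of the original slides): a Python sketch that applies the two points above, reading the Received list from the bottom up and treating From, Reply-To and Return-Path as sender-supplied. The message, host names and addresses are constructed (example.* domains, documentation IP ranges), and the helper names received_path and sender_mismatches are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: every name and address below is made up
# (example.* domains, RFC 5737 documentation IP ranges).
RAW = """\
Received: from mx.example.edu (mx.example.edu [192.0.2.10])
\tby mail.example.edu with ESMTP id A1; Mon, 15 Oct 2007 09:02:11 -0700
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.edu with ESMTP id B2; Mon, 15 Oct 2007 09:02:05 -0700
Received: from bank.example.com (unknown [203.0.113.45])
\tby relay.example.net with SMTP id C3; Mon, 15 Oct 2007 09:01:58 -0700
From: "Example Bank" <security@bank.example.com>
Reply-To: claims@mailbox.example.org
Return-Path: <bounce@bulk.example.net>
Subject: Verify your account
Date: Mon, 15 Oct 2007 09:01:50 -0700

Please reply with your account number.
"""

HOP = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)")
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_path(msg):
    """Return hops oldest-first: (claimed name, IP logged by receiver, receiver)."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):  # bottom of the list first
        m = HOP.search(value)
        if m:
            ip = IPV4.search(m.group(2))
            hops.append((m.group(1), ip.group(1) if ip else None, m.group(3)))
    return hops

def _domain(msg, header):
    return parseaddr(msg.get(header, ""))[1].rpartition("@")[2].lower()

def sender_mismatches(msg):
    """Sender-supplied headers whose domain differs from the From domain."""
    want = _domain(msg, "From")
    return [h for h in ("Reply-To", "Return-Path")
            if _domain(msg, h) not in ("", want)]

if __name__ == "__main__":
    msg = message_from_string(RAW)
    for n, (claimed, ip, by) in enumerate(received_path(msg), 1):
        print(f"hop {n}: {claimed} [{ip}] -> {by}")
    print("differs from From:", sender_mismatches(msg))
```

The bracketed IP in each Received line is written by the receiving server, so that is the value to look up in ARIN; Received lines added before the first server you trust can themselves be forged. A Reply-To or Return-Path mismatch is a prompt for a closer look, not proof, since legitimate bulk mail often differs too.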

28
Actual e-mail
29
Long Header Example
30
Real Spam
31
Long Headers
32
Real Owner of IP Address
33
Real Spam
34
Look for Real Link
35
Checking whois For URL
36
Another Example
Just have to reply to the e-mail. But where do
you go? Not where you think.
37
Where you think you are going.
38
Another look at the e-mail
39
ARIN Whois Result
Go to AfriNIC
40
Check out AfriNIC
41
Phishing Again
Probably should not reply to Nigeria and give
them your bank account number
42
Summary
  • IANA assigns IP addresses
  • Regional Registries assign addresses for regions
  • Start with ARIN when researching
  • ARIN will tell you where to go for non-American
    addresses
  • Turn on long headers in email
  • Don't fall for silly stuff in the body of the
    email