Phishing Lab

Lab 9: Phishing

Step 1: Acquire Some Data

● Open the Phishing_Evidence document. This is the original e-mail in its initial format as seen by a non-technical user.
● 1. Does this document look suspicious to you?
● 2. If you were the recipient, would you follow the instructions in the e-mail and go to the website and provide your account details, such as your account number and PIN?
● Open the Phishing_Evidence_Long_Headers document. This is the same e-mail saved by a technical user. The technical user found the options in the application that would allow her to “view long headers” and/or “view raw source.”

Determine Sender

● The long headers option, which may be called something else in different applications, lets a user view the actual sender and the path that the e-mail took to arrive at the recipient. The raw source option lets the user view the actual text of the message, without any formatting.
● Study the Phishing_Evidence_Long_Headers document to determine if you can tell the path that the message took. Here are some hints:
  ● The final recipient is
  ● The last server that received this message was students.sou.edu.
  ● The barracuda.sou.edu server sent this message to students.sou.edu.
  ● Look for a line that includes “by barracuda.sou.edu” to determine which server sent the message to barracuda. The line will tell you from whom barracuda received the message.
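The path-tracing described above can also be done in code. This is an added example, not part of the original lab: the header block is constructed, and the sending host, the firewall banner and every IP address in it are placeholders from the documentation ranges, not values from the evidence file.

```python
import re
from email import message_from_string

# Constructed sample headers (not the lab's evidence file). mail.example.net
# and the 192.0.2.x / 203.0.113.x addresses are documentation placeholders.
RAW = """\
Received: from barracuda.sou.edu (barracuda.sou.edu [192.0.2.10])
\tby students.sou.edu (Postfix) with ESMTP id 4F2A1;
\tMon, 6 Mar 2006 10:15:02 -0800 (PST)
Received: from mail.example.net (unknown [203.0.113.45])
\tby barracuda.sou.edu (Spam Firewall) with SMTP id 9C1D2;
\tMon, 6 Mar 2006 10:14:58 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
\tby mail.example.net with ESMTP; Mon, 6 Mar 2006 18:14:50 +0000
From: "Citibank" <support@citibank.example>
Subject: Account verification

body
"""

# "from <name the sender announced> (<reverse DNS> [<connecting IP>]) ... by <receiver>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def hops(raw):
    """Return hops oldest-first; every server prepends its own Received line."""
    msg = message_from_string(raw)
    found = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            found.append(m.groupdict())
    return found

def sender_to(raw, gateway):
    """Return (announced name, connecting IP) of the host that handed the mail to `gateway`."""
    for hop in hops(raw):
        if hop["by"].lower() == gateway.lower():
            return hop["helo"], hop["ip"]
    return None

if __name__ == "__main__":
    for h in hops(RAW):
        print(f'{h["helo"]} [{h["ip"]}] -> {h["by"]}')
    print(sender_to(RAW, "barracuda.sou.edu"))
```

Only the Received lines written by servers you control are reliable. Anything below the gateway's own line was supplied by the sending side and can be forged, which is why the lab starts from the “by barracuda.sou.edu” line and uses the bracketed IP rather than the announced host name.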

Server IP Address

● 3. What is the Internet Protocol (IP) address of the server that sent the message to barracuda.sou.edu?
● The message (after the header) includes a URL. Compare the URL in the original (non-technical) version of the e-mail to the one in the technical version. The technical version will show the URL twice. Look for lines that start with or

Original vs. Technical

● 4. What is the URL in the original version of the e-mail (the non-technical view)?
● 5. What URLs do you see in the technical version of the e-mail?

Step 2: Analyze the Header

Now it’s time to figure out the true identity of the server that sent the message to the barracuda server. In most investigations, the first step is to look up the server’s IP address at the American Registry for Internet Numbers (ARIN). Go to the following website and look up the address that you wrote down in Question 3.

● 6. What does ARIN tell you about this address?
● If ARIN tells you that the address is registered by a non-American registry, such as the Asia Pacific Network Information Center (APNIC) or the Réseaux IP Européens (RIPE), go to the URL for the Whois database of that registry. (The ARIN page you went to should have a link to that registry’s Whois database.)

IP Address Owner

● 7. What company owns the IP address that you looked up?
● 8. What country is that company in?
● Remember that the recipient of this message was an SOU student. Assume that the victim lives near Ashland, OR and has never opened a bank account outside the Western United States.

● 9. If this student were to receive a legitimate message from Citibank, where do you think it would come from? Go to and determine the location of some reasonably close Citibank offices or ATMs and jot down some possible locations:
● 10. Does it seem suspicious that received a message from Citibank from the location that you discovered in Question 8?

Step 3: Analyze the URL

● In the Phishing_Evidence_Long_Headers document, find the URL that looks like this:
● href=" %65%78%2E%68%74%6D"
● The numbers that follow the percent sign are hexadecimal (Base 16) codes for alphabetic letters and numbers. They are encoded using a system called the American Standard Code for Information Interchange (ASCII). Find an ASCII table on the Internet or Slide #??? and convert the hex numbers to characters and determine what the URL really states.
● 11. What is the alphabetic representation of the URL?
● The URL includes an IP address and a port number. For example, the URL might be something like: The is an IP address. The 80 is a port number. Use the techniques you used in the previous section to determine who owns the IP address in the URL that you decoded in Question 11.

IP Address/Port Owner

● 12. What company or organization owns the IP address in the URL that you decoded in Question 11?
● Port 80 is usually used for web browsing. The port number in the URL in our case isn’t 80, however.
● 13. What is the port number in the URL that you decoded?
● The Internet Assigned Numbers Authority (IANA) maintains a list of port numbers and what they are used for. If you go to the website, you can determine the meaning of the port number you decoded.
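The URL checks from Step 3 (decode the percent-encoding, read the host and port, compare against the text the reader sees) can be automated over the raw source. This is an added example, not part of the original lab: the HTML fragment, the address 198.51.100.23, port 8081 and the citibank.example name are constructed placeholders, not the values in the evidence file.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed raw-source fragment (not the lab's evidence): the visible text
# names one site, the href points at a percent-encoded IP-literal URL.
RAW_HTML = ('<p>Please confirm your details: <a href="http://198.51.100.23:8081/'
            '%63%69%74%69/%69%6E%64%65%78%2E%68%74%6D">'
            'https://www.citibank.example/signin</a></p>')

class Links(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def analyze(href, shown):
    """Decode the href as the lab does by hand, then flag what a reader cannot see."""
    decoded = unquote(href)              # %69 -> 'i', %2E -> '.', ...
    url = urlsplit(decoded)
    port = url.port or {"http": 80, "https": 443}.get(url.scheme)
    try:
        ipaddress.ip_address(url.hostname or "")
        ip_literal = True                # host is a bare IP address, not a name
    except ValueError:
        ip_literal = False
    shown_host = urlsplit(shown).hostname if "://" in shown else None
    return {"decoded": decoded, "host": url.hostname, "port": port,
            "ip_literal": ip_literal,
            "nonstandard_port": port not in (80, 443),
            "text_mismatch": shown_host is not None and shown_host != url.hostname}

def scan(raw_html):
    parser = Links()
    parser.feed(raw_html)
    return [analyze(h, t) for h, t in parser.links]

if __name__ == "__main__":
    for finding in scan(RAW_HTML):
        print(finding)
```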

Conclusions

● 14. What is that port number used for?
● 15. Does that port number seem suspicious to you?
● 16. How will you deal with suspicious e-mails in the future?