
1 Phishing Analysis

2 Objectives
– Phishing
– Internet Protocol (IP) addresses
– Domain Name System (DNS) names
– Analyse “From” addresses
– Analyse URLs
– Trace the e-mail

3 Phishing
– E-mail utilizing social engineering
– Induces the recipient to reveal desired personal information: bank account, SSN, address, etc.
– Sometimes entices the recipient to go to a malicious web site

4 IP Addressing
– Each interface on a network is assigned a 32-bit IP address
– The address has a prefix and a suffix: the network ID and the host ID

5 Finding Your IP Address
– Examples: 3.5.1.193, 140.211.91.175, 192.168.0.1
– Finding your own address: open a Command window and type ipconfig /all on Windows

6 Opening a Command Prompt

7 Your IP Address

8 The Easy Way

9 Who Owns an IP Address
– Managed by the Internet Assigned Numbers Authority (IANA)
– Users are assigned IP addresses by Internet Service Providers (ISPs)
– ISPs obtain allocations of IP addresses from their appropriate Regional Internet Registry (RIR)

10 Regional Internet Registries (RIR)
– APNIC (Asia Pacific Network Information Centre)
– AfriNIC (African Network Information Center)
– ARIN (American Registry for Internet Numbers): North America
– LACNIC (Regional Latin-American and Caribbean IP Address Registry): Latin America and parts of the Caribbean
– RIPE NCC (Réseaux IP Européens): Europe, parts of the Middle East and Asia

11 Researching IP Addresses ARIN

12 At Your Finger Tips

13 Address Geographic Location

14 URLs
– Uniform Resource Locator
– The name of a web site: http://www.geobytes.com/IpLocator.htm
– First name: Top Level Domain (.com, .biz, .edu, .net, .gov, .org, .mil, etc.)

15 Family Tree
– http://www.geobytes.com/IpLocator.htm
– Second name is the organization’s name (geobytes)
– Third name, www, is a particular web server of Geobytes
– After the / is the directory and document to be displayed: IpLocator.htm
– Default is index.html

16 Domain Name System
– Associates the names used in URLs with IP addresses
– Example: www.sou.edu = 140.211.107.34
– The Domain Name System (DNS) is a set of servers that together know all the names used on the Internet
– More about this later…

17 Email Schemes/Scams
– Advertisers
– Spammers
– Scammers
– Phishers
– Spear Phishers

18 E-mail Structure
– To:
– From:
– Cc:
– Bcc:
– Subject
– Body

19 Basic Email Header

20 Email Header Info
Header info can be faked:
– From
– Reply-To
– Return-Path
– Subject
– Date
Don't believe it!

21 Long Headers
– NOT EASY
– Different for each e-mail client
– Sometimes impossible
– www.aeicomputertech.com/forensics_mail_header_info.php
– http://www.abika.com/Reports/Samples/emailheaderguide.htm
– For campus GroupWise: open the e-mail and click on “Message Source”

22 AOL
1. Open AOL
2. Open the e-mail that you wish to check by double-clicking it
3. Under the To: line, there should be a “Sent from the Internet (Details)” line
4. Single left-click the word “Details” to open an Internet Information window
5. This should display the full e-mail header information

23 Gmail
1. Log into the Gmail account
2. Open the e-mail message in question
3. To the right of the sender’s e-mail message will be a “show details” hyperlink, and to the right of that is a “Reply” button (i.e., Reply is the default option, at least as of 10/15/2007). To the right of the word “Reply” is a pipe mark (i.e., |) and a down arrow. Single left-click the down arrow to display a small window of options.
4. Single left-click the word “show option”
5. The e-mail headers, in their entirety, will now be displayed in a new window

24 Hotmail
1. Log into your Hotmail account
2. Single right-click the e-mail you wish to inspect
3. Single left-click the “View Source” option
4. The e-mail will now be displayed in its native HTML-based format, with the e-mail header information at the very top

25 MS Outlook
1. Open Microsoft Outlook
2. Open the e-mail whose header information you wish to check by double-clicking it
3. Looking at the Office 2007 horizontal "ribbon" menu, move your cursor to the "Options" square
4. Underneath the three icons for Categorize, Follow Up, and Mark as Unread, there is the word "Options", and to the right of it is a small three-sided square with a diagonal arrow in it
5. Hovering over this miniature icon produces a popup with the wording "Message Options"
6. Single left-click the miniature icon
7. A "Message Options" window will display
8. The selected e-mail header information will be at the bottom of the window, to the right of the label "Internet headers:"

26 Yahoo!
1. Log in to the Yahoo! e-mail account in question
2. Single left-click the "Options" hyperlink text from the top menu
3. Single left-click the "General Preferences" hyperlink text
4. Scroll down to the Messages section of the page and place a dot in the second radio button option, which reads "Show all headers on incoming messages"
5. Scroll down to the bottom of the page and single left-click the "Save" button
6. Navigate to and open the e-mail message in question
7. The full e-mail header information will now be displayed

27 Reading Long Header Info
– Check the path by looking at the list of “Received” lines
– Read it upside down (the originator is at the bottom of the list)
– Each line is written in the passive voice (“Received: from … by …”), so it can be confusing
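
The bottom-up reading of the “Received” list from slide 27, combined with a check of the forgeable fields listed on slide 20, as an added Python example that is not part of the original presentation. The message, host names and addresses are constructed placeholders, and the function names are hypothetical.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample message: every host and address is a placeholder.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby mail.campus.example with ESMTP; Mon, 15 Oct 2007 10:02:11 -0700
Received: from relay.example.net (relay.example.net [203.0.113.25])
\tby mx.example.org with SMTP; Mon, 15 Oct 2007 10:02:05 -0700
Received: from [192.168.0.1] (unknown [192.0.2.44])
\tby relay.example.net with ESMTP; Mon, 15 Oct 2007 10:01:58 -0700
From: "Your Bank" <security@bank.example.com>
Reply-To: <claims@freemail.example>
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def public_ips(text):  # bracketed IPv4 addresses, minus invalid and RFC 1918 ones
    found = []
    for candidate in IP_RE.findall(text):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # e.g. an octet above 255
        if not any(ip in net for net in RFC1918):
            found.append(candidate)
    return found

def trace_hops(raw):
    """Received hops oldest first: (receiving host, public IPs it recorded)."""
    hops = []
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        by = re.search(r"\bby\s+(\S+)", value)
        hops.append((by.group(1) if by else None, public_ips(value)))
    return hops

def sender_mismatches(raw):
    """Reply-To / Return-Path headers whose domain differs from From."""
    msg = email.message_from_string(raw)
    dom = {h: parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
           for h in ("From", "Reply-To", "Return-Path")}
    return {h: d for h, d in dom.items() if d and d != dom["From"]}

if __name__ == "__main__":
    print(trace_hops(RAW), sender_mismatches(RAW))
```

The first public address in the oldest hop is the one to look up with a registry whois. “Received” lines below the one written by your own mail server were supplied by upstream hosts, so treat them with the same suspicion as the other header fields.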

28 Actual e-mail

29 Long Header Example

30 Real Spam

31 Long Headers

32 Real Owner of IP Address

33 Real Spam

34 Look for Real Link

35 Checking whois For URL

36 Another Example
– Just have to reply to the e-mail
– But where do you go?
– Not where you think.

37 Where you think you are going.

38 Another look at the e-mail

39 ARIN Whois Result Go to Afrinic

40 Check out Afrinic

41 Phishing Again Probably should not reply to Nigeria and give them your bank account number

42 Summary
– IANA assigns IP addresses
– Regional Registries assign addresses for regions
– Start with ARIN when researching
– ARIN will tell you where to go for non-American addresses
– Turn on long headers in email
– Don't fall for silly stuff in the body of the email

