Email and web security
Uploaded by shahhardik27
EMAIL AND WEB SECURITY
The first e-mail message was sent in 1971 by an engineer named Ray Tomlinson.
WHAT IS EMAIL?
• E-mail: electronic mail.
• A method of exchanging messages in digital form.
• E-mail systems are based on a store-and-forward method in which e-mail servers accept, forward, deliver and store messages on behalf of users.
• Users only need to connect to the internet through a computer for the duration of message submission or retrieval.
Email Service Providers
SECURITY FEATURES OF SOME EMAIL SERVICE PROVIDERS
FILTERS
MULTIPLE SIGN-IN
With multiple sign-in, you can sign in to up to ten accounts in the same web browser. If you sign out of any Google product from any of your accounts, you’ll be signed out of all your Google Accounts at once.
Security issue: If one account is compromised, there is a threat to all the accounts.
AUTHORISING APPLICATIONS & SITES
Activating this feature allows non-Google websites and applications to access your account and sync with your data.
Security issue: Google doesn’t review or endorse any third-party websites, so make sure you trust the website and understand Google's privacy policy before approving.
2-STEP VERIFICATION
It adds a layer of security to your Google Account by requiring access to your phone, as well as your username and password, when you sign in.
If someone steals or guesses your password, that person can’t sign in to your account because they don’t have your phone.
MAKE SURE YOU READ
• Terms of usage policy – outlines how you are supposed to use Google’s platform. Mandatory to provide under Indian Cyber Law (Sec. 79).
• Privacy policy – outlines information that Google collects and how they use it. Mandatory to provide under Indian Cyber Law (Sec. 43A).
SIGN-IN SEAL
A sign-in seal is a secret message or photo that Yahoo! will display on this computer only.
Look for it every time you sign in, to make sure you're on a genuine Yahoo! site.
If the message, photo, or colors are different, you may have landed on a phishing site.
PHISHING - A PRACTICAL CASE STUDY
WHAT IS PHISHING?
Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card details, etc.) by masquerading as a trusted entity.
THE SITES
www.noodlebank.com (i.e. NOODLEBANK.com)
www.nood1ebank.com (i.e. NOOD1EBANK.com)
THE REAL SITE
THE SPOOFED EMAIL
THE SPOOFING
The link appears as
www.noodlebank.com (i.e. NOODLEBANK.com)
But actually it links to
www.nood1ebank.com (i.e. NOOD1EBANK.com)
THE FAKE SITE
THE “STEAL”
• When Debasis entered his username-password at the spoofed website, the username-password was sent across to the criminal carrying out the phishing attack.
MORE EXAMPLES…
• In this case study, the user was enticed with a misleading URL. Such URLs can be created easily using simple HTML code such as:
<a href="http://www.nood1ebank.com">http://www.noodlebank.com</a>
• This link displays the correct URL, but clicking it takes the user to the spoofed URL.
USING A URL WITH AN IP ADDRESS
http://[email protected]
This URL does not lead to noodlebank.com; it leads to the website at the IP address 67.19.217.53.
USING A SPLIT DOMAIN NAME
http://www.NOODLEBANK.com.securitycheck.secure-login.nood1ebank.com/login.asp
This URL does not lead to noodlebank.com; it leads to the spoofed website.
USING AN OBFUSCATED URL
http://www.NOODLEBANK.com%00@%36%37%2e%31%39%2e%32%31%37%2e%35%33
This URL does not lead to noodlebank.com; it leads to the website at the IP address 67.19.217.53.
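A mail filter or link scanner can catch each of the tricks above (mismatched link text, text before an "@", a split domain name, a percent-encoded host, a look-alike domain) by working out which host the URL really names. The following Python sketch is an added example, not part of the original slides; the names TRUSTED, SWAPS, url_findings and audit_html and the finding labels are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

TRUSTED = "noodlebank.com"         # brand domain from the case study
SWAPS = str.maketrans("10", "lo")  # assumed minimal set of digit-for-letter swaps

def split_host(url):
    """Return (raw netloc, host) with userinfo, port and %-encoding removed."""
    netloc = urlsplit(url if "://" in url else "http://" + url).netloc
    host = unquote(netloc.rsplit("@", 1)[-1]).split(":")[0]
    return netloc, host.lower().rstrip(".")

def on_brand(host):
    return host == TRUSTED or host.endswith("." + TRUSTED)

def url_findings(url):
    """List the reasons a URL is suspicious with respect to TRUSTED."""
    netloc, host = split_host(url)
    off = not on_brand(host)
    checks = [
        ("userinfo-before-host", "@" in netloc),
        ("percent-encoded-host", "%" in netloc.rsplit("@", 1)[-1]),
        ("ip-address-host", bool(re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host))),
        ("brand-used-as-decoy", off and TRUSTED in unquote(netloc).lower()),
        ("lookalike-domain", off and on_brand(host.translate(SWAPS))),
    ]
    return [name for name, hit in checks if hit]

class LinkAudit(HTMLParser):  # records (shown host, actual host) mismatches
    def __init__(self):
        super().__init__()
        self.href, self.mismatches = None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href")
    def handle_endtag(self, tag):
        if tag == "a":
            self.href = None
    def handle_data(self, data):
        text = data.strip()
        if self.href and re.match(r"(https?://|www\.)", text, re.I):
            shown, actual = split_host(text)[1], split_host(self.href)[1]
            if shown != actual:
                self.mismatches.append((shown, actual))

def audit_html(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.mismatches
```

Pass url_findings() any URL from the slides and audit_html() the HTML body of a message; an empty list means none of these checks fired, which is not proof that the link is safe.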
HEX TO ASCII CONVERTER
http://www.dolcevie.com/js/converter.html
TEST
www.phish-no-phish.com
SENDING FAKE EMAILS
http://mailz.funmaza.co.uk/
http://deadfake.com/Send.aspx
UNDERSTANDING FAKE MAIL
E-mail header analysis – The email header is the information that travels with every email, containing details about the sender, route and receiver.
ANALYZING HEADERS
To see the Gmail header, click on the arrow button next to the “Reply” option, then click on “show original”.
Header of the mail sent by using “fakemailer”
Analyse Message ID
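One way to carry out this kind of header analysis is to compare the domain in the Message-ID, the Return-Path and the earliest Received hop with the domain claimed in From. This Python sketch is an added example, not part of the original slides; the sample header is constructed, and the host names, addresses and function names in it are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims noodlebank.com, while Message-ID,
# Return-Path and the sending hop all name an unrelated mail host.
RAW = """\
Return-Path: <www-data@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [192.0.2.25])
\tby mx.recipient.example with ESMTP id abc123; Mon, 01 Jan 2024 10:00:00 +0000
Message-ID: <20240101100000.1234@mailer.example.net>
From: "Noodle Bank" <support@noodlebank.com>
To: debasis@recipient.example
Subject: Verify your account

Please confirm your details.
"""

def domain_of(value):
    """Domain of an address or a Message-ID such as <id@host> ('' if none)."""
    addr = parseaddr(value)[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def same_org(a, b):
    """True when one domain equals, or is a subdomain of, the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def analyse(raw):
    """Return header inconsistencies relative to the From domain."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    findings = []
    for name in ("Message-ID", "Return-Path"):
        dom = domain_of(msg.get(name, ""))
        if dom and not same_org(dom, from_dom):
            findings.append(f"{name} domain {dom} != From domain {from_dom}")
    hops = msg.get_all("Received", [])
    if hops:
        # Received lines are prepended in transit, so the last one is the
        # earliest hop; it is written by the sender's side and can be forged.
        first = hops[-1].split()
        origin = first[1].lower() if len(first) > 1 and first[0] == "from" else ""
        if origin and not same_org(origin, from_dom):
            findings.append(f"first hop {origin} != From domain {from_dom}")
    return findings
```

Legitimate bulk mail sent through a third-party provider can trip the same checks, so treat the findings as reasons to look closer rather than as a verdict.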
Email Bombing
EMAIL FRAUDS
• Bogus offers: Viagra @ 80% discount price
• Requests for help: email promising treasure
• Lottery scams
• Confidence trick
• Get-rich-quick schemes
• Money mules
AVOIDING EMAIL FRAUD
• Keep one's email address as secret as possible
• Use a spam filter
• Notice the several spelling errors in the body of the "official looking" email
• Ignore unsolicited emails of all types, simply deleting them
• Don’t be greedy, since greed is often the element that allows one to be "hooked"