Online Course for Phishing

Online Course for PhishingAhmed Hassan Al-AsmariApplied Phishing PROJECT in TI-ANS-ANS-TTCThe written report aims to return an online course for Social engineering (phishing) for TTC students. The proposed course is designed based on the approach of re watch based learning. Proposed design of the circuit is supported by the theory. The report aims to provide an online course for ICT department. The expected result is to provide a new learning course for protection information Provide a new content, types, problems, solutions and how to certified about phishing technology.What is phishing? Its proficiency used to steal somebodyal information through junk e-mailming, fake websites, unofficial applications or other deceptive means, thats means someone take in a website which resembles original website 100% and the website which created asked for specific data such as request information entry or data update or add together credit card and so on. So, this way is start by entrust ing a mental object which similar to the kernel the original company and the content of put across request to entry the link to update data, sometimes the link malicious files which help phishersto control device and steal data. To avoid Internet phishing, people should contain knowledge of different types of phishing techniques and they must also be conscious of anti-phishing techniques to defend themselves from getting phished1.2.1. Phishing Techniques2.1.1. Email / SpamPhishing by using email or spam be most common phishing scam. Phishers merchant ship send the similar email to millions of drug drug users, requesting them to loading personal data. The information which are steal will used for illegal shipway. more or less of the message have a note which ask users to enter the personal information to update and verify accounts. Sometime, phishers asked you to fill a form to gate to a new services(Figure1)2.2.1.2. Instant MessagingInstant messaging is one of the phishi ng ways which used by sending a message provide a link that strike user to fake website, thats website are similar to the original website. So, If user dont check the URL of this link, because he will fall on the phisherhand, sometimes its going to be hard to find out the different between the original and fake URL. Then, link contain form which phisher asked to fill(Figure23)1. 2.1.3. Link exerciselink manipulation is one methods that phisher use in websites by sending a link and when user click the link it will start to direct user to the phisher website instead website which in the link. The way to prevent link manipulation is to throw the indicator of mouse over the link to check the real link(Figure34)1.2.1.4. administration ReconfigurationPhishers may send a message that asked the user to change the cliquetings of the computer. The message might arrive from a web talking to which comparable an official source. For lawsuit URL can be change by phishers to direct victim to a fake websites. For example a URL website of a FACEBOOK may modified from www.facebook.com to www.facebo0k.com1.2.1.5. Phishing through Search EnginesThis is one of phishing scams and that by using search engines which direct the user advertisement sites which may present low price products or services. So, when the user select some of these offers and begin to put data of the credit card, then its collected by the phishing site(Figure45)6.2.1.6. Phone PhishingThe phisher may also used phone by making calls to random users and request them personal details about bank account or any others information and the phishing caller may be automate response. They may be friendly with you, start calling you by your first name and asking you about your family. They may act working in a company you trust and asking to update your accounts or asking for credit card. So, we see that kind of phisher have a little information about you to begin with the call and after the call, they may get all the data they want to complete steal whole data.2.1.7. Malware PhishingPhishing scams malware its one of the technique need to be thrash on the users PCs. The malware is typically linked to the email sent to the user by the phishers. Once you get on the link, the malware will begin to publishing and causes damages indoors PC. Sometimes, the malware attached to downloadable files.phishing was spread around the year 1995, but they was not known to people until few years. So, this is negative point for people who does not take a careful and about the phishers because they maybe make a serious problems in one day. So, it is helpful to have a basic understanding of the behind them7.Most of the phishing scam are successful and that because people dont know about scam methods which phishers use it. So, there are several ways to avoid to be a victim. We can get the idea about those sway which may help to prevent phishers to steal your information and be aware about the following list Keep Informed about social engineering techniques extraly phishing techniques so that will help you to have an information about the methods scams that phishers use it and you know the ways to prevent all scams.Install an Anti-Phishing. So, a lot of popular Internet browsers can be Associated with anti-phishing toolbars. So, this is a common way to prevent the phishing through search engines or websites, anti-phishing toolbar can alert you from fake websites by blocking it. Such as AdBlock.Verify a sites security its important that websites you visit are security and free from fake advertisement and illegal products. So, keep informed about the websites URL which should have to begin with https. Also, you should see an icon lock close to the address URL. Also verify the certificate of websites security.Verify your online accounts sporadically as long as you dont visit your online account for a long time, verify each of your online accounts periodically and changing your crys regu larly too. Its good that each of your accounts has different password.Use best firewalls you can use two option kinds a desktop firewall and this is a software architectural plan type install in your device, second is a network firewall this is a type of hardware which are in a routers or switches.Never confront Out Personal data.Use Antivirus Software.Use an Alert Password from Google to alert you from phishing.We see here in this figure5 the cycle of phishers witch they move with each go when they target personals or companies. figure below will explain this cycle more(Figure58)9What do you think about your passwords. Do you use just one or simple to figure out variations on just one? If you do both, you shouldnt, because youre making it easy for a phishers to get access to your personal information. Every password for every site or different accounts should be different. Letters numbers and characters work best to keep password difficult and hard to get. Change them repeated ly. The special programs for internet security and system of device can help you to keep follow of your passwords.Because Google are the famous company and has too many users, Its important to set high level of security to protect users information. So, from the phishing side, Google has created a new tool which can secure users data from phishing. The main idea of this tool is to alert user when the password of account are entered in other original google.com. So, if user receive a message in e-mail and this mail are grimace like original web knave of Google and with a link asked you to change or update your password account. Then you click the link and start to direct you to another website and steal your personal data. So, this tool from Google will alert you when personal data are entered in other Google account and trying to follow and show the suspicious signup page and alert you before you enter your personal data and password(Figurs610)11.There are several target in a phis hing the end users, businesses, the computer compromised to host fraudulent sites and the ISP hosting the email address. So, phishing want to get the important information from those to get all permission to control12.I think about the most common type of phishing technique are used is E-mail phishing so far. I chose that type because I see that in every news, TV, websites and social media. The last attacks which happen in Saudi-Arabian Arabia in Jan 2017 by the virus which called SHAMOON by Green Big groups. This virus targeted most popular company in Saudi Arabia like ARAMCO and Communications and Information Technology. The virus was working for several attacks like send an E-mail to the employs of the ARAMCO company which include the malicious link and the message is similar to original messages of the company. Then, some of the employs are failed in this E-mails and the viruses are distribution and made a huge damage like stole information and delete all the data stored on the computers. So, I chose this type which is most common because of this story happened in 2017 and there is no way to stop it until we make a strengthen the defense of this attacks before happening13.Alic and bottle cork are the names used in scenario security characters. This names are chosen based on the letters of the alphabet (A)lic and (B)ob. Discoverer of this theory put names of people to make it easier to understand and study. If we suppose that Alic are sending a private messages to sour grass by postal mail. Alic knew that postman are indication the message she sends. She thinking to find a way to send a message without anybody read it. So, Alic corrupts a lockbox and two keys (Encryption Decryption) to open it and meet Bob to give one of this keys. Alic put the message inside this lockbox. The postman cannot read the message or open it or looking through the lockbox. So, after the message delivered to Bob, he can use the key to open the lockbox and read the message. S o. Bob as well can use the same method to send a message to Alic and they are sure about the security message exchange and this is called a symmetric key reckonion.Lets keep continuo with Alic and Bob. Now, Bob buy a new padlock which is open and put it with the message in the lockbox and keep the key of the padlock with him. Alic receive the lockbox and buy a similar padlock which Bob sent it with the message, and puts her message and the new key of her new padlock in the lockbox. Then. she locks it with the Bobs padlock and send it to Bob. Now Bob can read the message and get the key of the padlock Alics. So, Alic and Bob can exchange messages as they want safety.If we suppose that Alic are person (A) and Bon are person (B). A want to send a private message to B but person A discover that some person who is trudy are education the private message when send it to B. So, A thinking about some method to encryption the message when send by add a compute with so that message cant op ening and read until insert that code. Then, A send a message after give the code to B to decoding the message so he can read it and no one than A and B can decrypt the message because they have the same keys to encrypt and decrypt it. This method called encryption and decryption and the keys are called Symmetric-Key Encryption.Lets suppose that we have two persons Mohammed and Abdullah want to exchange encrypted messages so that no one can see it. Mohammed comes through a particular program (browser in case SSL) and produces two keys associated with each others one overt key and the second are the private key. Mohammed then sends the public key to Abdullah by any method. Abdullah uses this key and encrypts the message that he has by the public key who sent by Muhammad public key. And then sends the encrypted message to Muhammad. Mohammed then decrypts the message code via the private key which is with him and associated with the public key. So, Muhammad can encrypt a message with the private key and Abdullah decrypts the message through the public key.1Phishing Techniques Phishing.org. Online. operable http//www.phishing.org/phishing-techniques/. Accessed 25-Oct-2016.2The Online Service Message Email Is A Google Account Phishing Scam., Facebook Tips, 06-Jun-2011. .3My Computer Text message phishing scam, My Computer. .4Watch Out For Facebook Phishing Scams Simple Industries, Inc. Online. available http//www.simpleindustries.com/2010/10/tech/watch-out-for-facebook-phishing-scams.html. Accessed 20-Feb-2017.5Ads on popular Search Engine are leading to Phishing Sites. Online. Available https//www.govcert.admin.ch/blog/16/ads-on-popular-search-engine-are-leading-to-phishing-sites. Accessed 20-Feb-2017.6Ads on popular Search Engine are leading to Phishing Sites. Online. Available https//www.govcert.admin.ch/blog/16/ads-on-popular-search-engine-are-leading-to-phishing-sites. Accessed 28-Oct-2016.7History of Phishing Phishing.org. Online. Available http//www.ph ishing.org/history-of-phishing/. Accessed 25-Oct-2016.8L. Meleney, Dyre Malware Has Stolen Over $1 one million million Is Your Companys Sensitive Data at Risk? Online. Available http//blog.baymcp.com/blog/dyre-malware-has-stolen-over-1-billion-is-your-companys-sensitive-data-at-risk. Accessed 20-Feb-2017.9Dyre Malware Has Stolen Over $1 Billion Is Your Companys Sensitive Data at Risk? Online. Available http//blog.baymcp.com/blog/dyre-malware-has-stolen-over-1-billion-is-your-companys-sensitive-data-at-risk. Accessed 28-Oct-2016.10Phishing prevention with Password Alert FAQ G Suite Administrator Help. Online. Available https//support.google.com/a/ effect/6197508?hl=en. Accessed 20-Feb-2017.11Password Alert. Online. Available https//chrome.google.com/webstore/detail/password-alert/noondiphcddnnabmjcihcjfbhfklnnep. Accessed 28-Jan-2017.12R. D. Vines, Phishing Cutting the Identity Theft Line. John Wiley Sons, 2005.13Saudi Arabia warns on cyber defense as Shamoon resurfaces Reuters. Online. Available http//www.reuters.com/article/us-saudi-cyber-idUSKBN1571ZR. Accessed 11-Feb-2017.14What Is SSL (Secure Sockets Layer)? DigiCert.com. Online. Available https//www.digicert.com/ssl.htm. Accessed 12-Feb-2017.15HTTP to HTTPS What is a HTTPS Certificate. Online. Available https//www.instantssl.com/ssl-certificate-products/https.html. Accessed 12-Feb-2017.ACADEMIC HONESTY DECLARATIONI, the undersigned, declare that the attached assignment/project is tout ensemble my own work, and that no part of it has beencopied by manual or electronic means from any work produced by any other person(s), present or past,produced by several students working together as a group (this includes one person who provides any portion of an assignment to another student or students),produced by automatic tools or aidsmodified to contain falsified program output,or copied from any other source including web sites,except as directly authorized by the instructor.I understand that penalties for submitting work which is not wholly my own, or distributing my work to other students, may result in penalties.Full nameStudent Number___________________Signature