Friday, April 5, 2019

Online Course for Phishing

Ahmed Hassan Al-Asmari

Applied Phishing PROJECT in TI-ANS-ANS-TTC

The report aims to provide an online course on social engineering (phishing) for TTC students. The proposed course is designed based on the approach of re take c ar based learning. The proposed design of the course is supported by theory. The report aims to provide an online course for the ICT department. The expected outcome is to provide a new learning course for security education: new content, types, problems, solutions and how to stay informed about phishing technology.

What is phishing?

It is a technique used to steal personal information through e-mail spamming, fake websites, unofficial applications or other deceptive means. That means someone makes a website which resembles the original website 100%, and the created website asks for specific information, such as a request to restore information, update data or add a credit card. This method starts by sending a message which is similar to the messages of the original company, and the content of the message asks the user to follow the link to update data. Sometimes the link carries malicious files which help phishers to control the device and steal data. To avoid Internet phishing, people should acquire knowledge of the different types of phishing techniques, and they must also be aware of anti-phishing techniques to defend themselves from getting phished [1].

2.1. Phishing Techniques

2.1.1. Email / Spam

Phishing using email or spam is the most common phishing scam. Phishers send the same email to millions of users, requesting them to fill in personal data. The stolen information is then used in unlawful ways. Most of the messages have a note which asks users to enter personal information to update and verify accounts. Sometimes, phishers ask you to fill in a form to get a new service (Figure 1) [2].

2.1.2. Instant Messaging

Instant messaging is one of the phishing methods: the phisher sends a message with a link that directs the user to a fake website which looks similar to the original website. If the user does not check the URL of this link, he will fall into the phisher's hands; sometimes it is hard to tell the difference between the original and the fake URL. The link then leads to a form which the phisher asks the user to fill in (Figure 2) [3], [1].

2.1.3. Link Manipulation

Link manipulation is a method phishers use on websites: they send a link, and when the user clicks it, it takes the user to the phisher's website instead of the website shown in the link. The way to prevent link manipulation is to move the mouse pointer over the link to check the real link (Figure 3) [4], [1].

2.1.4. System Reconfiguration

Phishers may send a message that asks the user to change the settings of the computer. The message might come from a web address which resembles an official source. A URL can be modified by phishers to direct the victim to a fake website. For example, the website URL of Facebook may be modified from www.facebook.com to www.facebo0k.com [1].

2.1.5. Phishing through Search Engines

This phishing scam uses search engines, which direct the user to advertisement sites that may offer low-priced products or services. When the user selects one of these offers and begins to enter credit card data, the data is collected by the phishing site (Figure 4) [5], [6].

2.1.6. Phone Phishing

The phisher may also use the phone, making calls to random users and asking them for personal details about their bank account or other information; the phishing caller may be an automated response. They may be friendly with you, start calling you by your first name and ask about your family. They may pretend to work for a company you trust and ask you to update your accounts or ask for your credit card.
So, we see that this kind of phisher has a little information about you before the call, and after the call they may have all the data they want to finish stealing the data.

2.1.7. Malware Phishing

Phishing scams that use malware need the malware to run on the user's PC. The malware is typically linked to the email sent to the user by the phishers. Once you click on the link, the malware will begin to run and cause damage inside the PC. Sometimes, the malware is attached to downloadable files.

Phishing began to spread around the year 1995, but these scams were not known to people until a few years later. This is a negative point for people who are not careful about phishers, because they may face serious problems one day. So, it is helpful to have a basic understanding of the history behind them [7].

Most phishing scams are successful because people don't know about the scam methods that phishers use. There are several ways to avoid becoming a victim. The following list of points may help to prevent phishers from stealing your information:

Keep informed about social engineering techniques, especially phishing techniques. This will help you know the scam methods that phishers use and the ways to prevent them.

Install an anti-phishing toolbar. A lot of popular Internet browsers can be fitted with anti-phishing toolbars. This is a common way to prevent phishing through search engines or websites; an anti-phishing toolbar can alert you to fake websites by blocking them, such as AdBlock.

Verify a site's certification. It is important that the websites you visit are secure and free from fake advertisements and illegal products. So, stay informed about the website's URL, which should begin with https. Also, you should see a lock icon close to the address URL.
Also verify the website's security certificate.

Verify your online accounts periodically. If you don't visit your online account for a long time, verify each of your online accounts periodically, and change your passwords regularly too. It is good for each of your accounts to have a different password.

Use the best firewalls. You can use two kinds: a desktop firewall, which is a software type installed on your device, and a network firewall, which is a type of hardware found in routers or switches.

Never give out personal information.

Use antivirus software.

Use Password Alert from Google to alert you to phishing.

Figure 5 shows the cycle that phishers follow, move by move, when they target individuals or companies. The figure below explains this cycle further (Figure 5) [8], [9].

What do you think about your passwords? Do you use just one, or simple-to-figure-out variations on just one? If you do either, you shouldn't, because you are making it easy for phishers to get access to your personal information. Every password for every site or account should be different. Letters, numbers and characters work best to keep a password difficult and hard to guess. Change them frequently. Special programs for internet security and for the device's system can help you to keep track of your passwords.

Because Google is a famous company and has very many users, it is important to set a high level of security to protect users' information. So, on the phishing side, Google has created a new tool which can secure users' data from phishing. The main idea of this tool is to alert the user when the account password is entered anywhere other than the original google.com. Suppose a user receives an e-mail that looks like the original web page of Google, with a link asking you to change or update your account password. Then you click the link, and it starts to direct you to another website which steals your personal data.
So, this tool from Google will alert you when personal data is entered somewhere other than the Google account page; it tries to follow and show the suspicious signup page and alerts you before you enter your personal data and password (Figure 6) [10], [11].

There are several targets in phishing: the end users, businesses, the computers compromised to host fraudulent sites and the ISP hosting the email address. Phishers want to get important information from those targets in order to gain full permission to control them [12].

I think the most common type of phishing technique used so far is e-mail phishing. I chose that type because I see it in every news outlet, on TV, websites and social media. The last attacks happened in Saudi Arabia in Jan 2017, by the virus called SHAMOON, by Green Bug groups. This virus targeted the most popular companies in Saudi Arabia like ARAMCO and Communications and Information Technology. The virus worked through several attacks, like sending an e-mail to the employees of the ARAMCO company which included the malicious link, with a message similar to the original messages of the company. Then, some of the employees fell for these e-mails, and the viruses were distributed and made huge damage, like stealing information and deleting all the data stored on the computers. So, I chose this type, which is the most common, because of this story that happened in 2017, and there is no way to stop it until we strengthen the defense against these attacks before they happen [13].

Alice and Bob are the names used for characters in security scenarios. These names are chosen based on the letters of the alphabet: (A)lice and (B)ob. The discoverer of this theory gave the characters people's names to make it easier to understand and study. Suppose that Alice is sending private messages to Bob by postal mail. Alice knows that the postman is reading the messages she sends. She wants to find a way to send a message without anybody reading it.
So, Alice buys a lockbox and two keys (encryption, decryption) to open it, and meets Bob to give him one of these keys. Alice puts the message inside this lockbox. The postman cannot read the message, open it or look through the lockbox. After the message is delivered to Bob, he can use the key to open the lockbox and read the message. Bob can use the same method to send a message to Alice, and they are sure about the security of the message exchange. This is called symmetric key encryption.

Let's continue with Alice and Bob. Now, Bob buys a new padlock, which is open, and puts it with the message in the lockbox, keeping the key of the padlock with him. Alice receives the lockbox and buys a padlock similar to the one Bob sent with the message, and puts her message and the key of her new padlock in the lockbox. Then she locks it with Bob's padlock and sends it to Bob. Now Bob can read the message and get the key of Alice's padlock. So, Alice and Bob can exchange messages safely as they want.

Suppose that Alice is person (A) and Bob is person (B). A wants to send a private message to B, but A discovers that another person, Trudy, is reading the private message when it is sent to B. So, A thinks about a method to encrypt the message when sending it, by adding a code so that the message cannot be opened and read until that code is entered. Then A sends the message after giving the code to B to decrypt the message, so he can read it, and no one other than A and B can decrypt the message because they have the same keys to encrypt and decrypt it. This method is called encryption and decryption, and using the same keys on both sides is called Symmetric-Key Encryption.

Let's suppose that we have two persons, Mohammed and Abdullah, who want to exchange encrypted messages so that no one can see them. Mohammed uses a particular program (the browser, in the case of SSL) and produces two keys associated with each other: one is the public key and the second is the private key.
Mohammed then sends the public key to Abdullah by any method. Abdullah uses this key and encrypts his message with the public key sent by Mohammed, and then sends the encrypted message to Mohammed. Mohammed then decrypts the message via the private key, which stays with him and is associated with the public key. Likewise, Mohammed can encrypt a message with the private key and Abdullah decrypts the message through the public key.

[1] "Phishing Techniques," Phishing.org. Online. Available: http://www.phishing.org/phishing-techniques/. Accessed 25-Oct-2016.
[2] "The Online Service Message Email Is A Google Account Phishing Scam," Facebook Tips, 06-Jun-2011.
[3] "My Computer: Text message phishing scam," My Computer.
[4] "Watch Out For Facebook Phishing Scams," Simple Industries, Inc. Online. Available: http://www.simpleindustries.com/2010/10/tech/watch-out-for-facebook-phishing-scams.html. Accessed 20-Feb-2017.
[5] "Ads on popular Search Engine are leading to Phishing Sites." Online. Available: https://www.govcert.admin.ch/blog/16/ads-on-popular-search-engine-are-leading-to-phishing-sites. Accessed 20-Feb-2017.
[6] "Ads on popular Search Engine are leading to Phishing Sites." Online. Available: https://www.govcert.admin.ch/blog/16/ads-on-popular-search-engine-are-leading-to-phishing-sites. Accessed 28-Oct-2016.
[7] "History of Phishing," Phishing.org. Online. Available: http://www.phishing.org/history-of-phishing/. Accessed 25-Oct-2016.
[8] L. Meleney, "Dyre Malware Has Stolen Over $1 Billion: Is Your Company's Sensitive Data at Risk?" Online. Available: http://blog.baymcp.com/blog/dyre-malware-has-stolen-over-1-billion-is-your-companys-sensitive-data-at-risk. Accessed 20-Feb-2017.
[9] "Dyre Malware Has Stolen Over $1 Billion: Is Your Company's Sensitive Data at Risk?" Online. Available: http://blog.baymcp.com/blog/dyre-malware-has-stolen-over-1-billion-is-your-companys-sensitive-data-at-risk. Accessed 28-Oct-2016.
[10] "Phishing prevention with Password Alert FAQ," G Suite Administrator Help. Online. Available: https://support.google.com/a/answer/6197508?hl=en. Accessed 20-Feb-2017.
[11] "Password Alert." Online. Available: https://chrome.google.com/webstore/detail/password-alert/noondiphcddnnabmjcihcjfbhfklnnep. Accessed 28-Jan-2017.
[12] R. D. Vines, Phishing: Cutting the Identity Theft Line. John Wiley & Sons, 2005.
[13] "Saudi Arabia warns on cyber defense as Shamoon resurfaces," Reuters. Online. Available: http://www.reuters.com/article/us-saudi-cyber-idUSKBN1571ZR. Accessed 11-Feb-2017.
[14] "What Is SSL (Secure Sockets Layer)?" DigiCert.com. Online. Available: https://www.digicert.com/ssl.htm. Accessed 12-Feb-2017.
[15] "HTTP to HTTPS: What is a HTTPS Certificate." Online. Available: https://www.instantssl.com/ssl-certificate-products/https.html. Accessed 12-Feb-2017.

ACADEMIC HONESTY DECLARATION

I, the undersigned, declare that the attached assignment/project is wholly my own work, and that no part of it has been

copied by manual or electronic means from any work produced by any other person(s), present or past,
produced by several students working together as a team (this includes one person who provides any portion of an assignment to another student or students),
produced by automatic tools or aids,
modified to contain falsified program output,
or copied from any other source including web sites,

except as directly authorized by the instructor.

I understand that penalties for submitting work which is not wholly my own, or distributing my work to other students, may result in penalties.

Full name
Student Number ___________________
Signature
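
The checks described under Link Manipulation, System Reconfiguration and "Verify a site's certification" (compare the visible link with its real target, look for https, spot www.facebo0k.com standing in for www.facebook.com) can be automated. The following is an added example, not part of the original report; the trusted-host list, the function names and the sample message are constructed for illustration.

```javascript
// Added example, not from the report. TRUSTED_HOSTS and SAMPLE_EMAIL are constructed.
const TRUSTED_HOSTS = ['www.facebook.com', 'accounts.google.com'];
const LOOKALIKES = { '0': 'o', '1': 'l', '3': 'e', '5': 's' }; // digit-for-letter swaps

// Reduce a host to a form in which facebo0k and facebook compare equal.
function skeleton(host) {
  return host.toLowerCase().replace(/[0135]/g, (d) => LOOKALIKES[d]);
}

// Host named by the visible link text, or null when the text is not a URL.
function shownHost(text) {
  const t = text.trim();
  try {
    const host = new URL(/^[a-z][a-z0-9+.-]*:\/\//i.test(t) ? t : 'https://' + t).hostname;
    return host.includes('.') ? host : null;
  } catch {
    return null;
  }
}

// Compare what the user reads with where the link really goes.
function checkLink(visibleText, href) {
  let target;
  try { target = new URL(href); } catch { return ['href is not an absolute URL']; }
  const findings = [];
  const host = target.hostname;
  if (target.protocol !== 'https:') findings.push('link is not https');
  const shown = shownHost(visibleText);
  if (shown && shown !== host) findings.push(`text shows ${shown}, link goes to ${host}`);
  const twin = TRUSTED_HOSTS.find((t) => t !== host && skeleton(t) === skeleton(host));
  if (twin) findings.push(`${host} imitates ${twin}`);
  return findings;
}

// Run the check over every <a href="..."> in an HTML message body.
function scanHtml(html) {
  const report = [];
  for (const [, href, inner] of html.matchAll(/<a\s[^>]*href="([^"]*)"[^>]*>(.*?)<\/a>/gis)) {
    const findings = checkLink(inner.replace(/<[^>]*>/g, ''), href);
    if (findings.length) report.push({ href, findings });
  }
  return report;
}

const SAMPLE_EMAIL = `<p>Please update your data:</p>
<a href="http://www.facebo0k.com/update">www.facebook.com</a>
<a href="https://www.facebook.com/help">Help centre</a>`;

console.log(JSON.stringify(scanHtml(SAMPLE_EMAIL), null, 2));
```

The digit-swap table only covers substitutions of the facebo0k kind; a clean result from it does not prove a link is safe.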
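
The Mohammed and Abdullah exchange described above can be run with the Node.js built-in crypto module. This is an added example, not part of the original report; the function names and message texts are constructed. It also shows that the reverse direction (using the private key first) works as a signature that anyone holding the public key can verify, so it proves who sent the message and does not hide it.

```javascript
// Added example, not from the report; message texts and function names are constructed.
const nodeCrypto = require('node:crypto');

// Mohammed produces the two associated keys; only publicKey is handed out.
function makeKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Abdullah locks the message with Mohammed's public key (RSA-OAEP is Node's default).
function encryptFor(publicKey, message) {
  return nodeCrypto.publicEncrypt(publicKey, Buffer.from(message, 'utf8'));
}

// Only the holder of the matching private key can open it; anyone else gets null.
function decryptWith(privateKey, ciphertext) {
  try {
    return nodeCrypto.privateDecrypt(privateKey, ciphertext).toString('utf8');
  } catch {
    return null;
  }
}

// Private-key direction: a signature that anyone with the public key can check.
function signWith(privateKey, message) {
  return nodeCrypto.sign('sha256', Buffer.from(message, 'utf8'), privateKey);
}

function verifyWith(publicKey, message, signature) {
  return nodeCrypto.verify('sha256', Buffer.from(message, 'utf8'), publicKey, signature);
}

function runExchange() {
  const mohammed = makeKeyPair();
  const trudy = makeKeyPair(); // eavesdropper with her own, unrelated key pair
  const sealed = encryptFor(mohammed.publicKey, 'Meet at 10:00');
  const note = 'Key received';
  const signature = signWith(mohammed.privateKey, note);
  return {
    readByMohammed: decryptWith(mohammed.privateKey, sealed),
    readByTrudy: decryptWith(trudy.privateKey, sealed),
    signatureValid: verifyWith(mohammed.publicKey, note, signature),
    forgedValid: verifyWith(mohammed.publicKey, 'Send the password', signature),
  };
}

console.log(runExchange());
```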
