2. The first e-mail message was sent in 1971 by an engineer named Ray Tomlinson.
3. WHAT IS EMAIL?
• E-mail: electronic mail
• A method of exchanging messages in digital form.
• E-mail systems are based on a store-and-forward method in which e-mail servers accept, forward, deliver and store messages on behalf of users. Users only need to connect to the internet through a computer for the duration of message submission or retrieval.
12. MULTIPLE SIGN-IN
With multiple sign-in, you can sign in to up to ten accounts in the same web browser. If you sign out of any Google product from any of your accounts, you’ll be signed out of all your Google Accounts at once.
Security issue: -
If one account is compromised there is a threat to
all the accounts.
13. AUTHORISING APPLICATIONS & SITES
Activating this feature allows non-Google websites and applications to access your account and sync with your data.
Security issue: -
Google doesn’t review or endorse any third-party websites, so make sure you trust the website and understand Google's privacy policy before approving.
14. 2-STEP VERIFICATION
It adds a layer of security to your Google Account by requiring access to your phone - as well as your username and password - when you sign in.
If someone steals or guesses your password, that person can’t sign in to your account because they don’t have your phone.
15. MAKE SURE YOU READ
Terms of usage policy – outlines how you are supposed to use Google’s platform.
Mandatory to provide under Indian Cyber Law (Sec. 79)
Privacy policy – outlines the information that Google collects and how it uses it.
Mandatory to provide under Indian Cyber Law (Sec. 43A)
17. SIGN-IN SEAL
A sign-in seal is a secret message or photo that Yahoo!
will display on this computer only.
Look for it every time you sign in, to make sure you're
on a genuine Yahoo! site.
If the message, photo, or colors are different, you may
have landed on a phishing site.
24. WHAT IS PHISHING?
Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card details etc.) by masquerading as a trusted entity.
40. THE “STEAL”
• When Debasis entered his username-password at
the spoofed website, the username-password was
sent across to the criminal carrying out the
phishing attack.
42. MORE EXAMPLES…
• In this case study, the user was enticed with a misleading URL. Such URLs can be created easily using simple HTML code such as:
<a href="http://www.nood1ebank.com">http://www.noodlebank.com</a>
• This link displays the correct URL, but clicking it takes the user to the spoofed URL.
43. USING A URL WITH AN IP ADDRESS
http://www.NOODLEBANK.com@67.19.217.53
This URL does not lead to noodlebank.com; it leads to the website on the IP address 67.19.217.53.
44. USING A SPLIT DOMAIN NAME
http://www.NOODLEBANK.com.securitycheck.secure-login.nood1ebank.com/login.asp
This URL does not lead to noodlebank.com; it leads to the spoofed website.
45. USING AN OBFUSCATED URL
http://www.NOODLEBANK.com%00@%36%37%2e%31%39%2e%32%31%37%2e%35%33
This URL does not lead to noodlebank.com; it leads to the website on the IP address 67.19.217.53.
46. HEX TO ASCII CONVERTER
http://www.dolcevie.com/js/converter.html
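A defender's view of the four URL tricks on slides 42 to 45, as an added example that is not part of the original slides: the Python sketch below extracts the host a link really points to and labels each trick. The function names, the warning labels and the genuine sample link are assumptions made for this illustration.

```python
import ipaddress
from urllib.parse import urlsplit, unquote

TRUSTED = "noodlebank.com"  # the genuine domain used in the slides


def real_host(url):
    """Host the browser would contact: the part after any '@', with %xx decoded."""
    return unquote(urlsplit(url).hostname or "").lower()


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def inspect_link(href, shown_text=None, trusted=TRUSTED):
    """Return (real host, sorted list of warning labels) for one link."""
    parts = urlsplit(href)
    host = real_host(href)
    warnings = set()
    if parts.username is not None:
        warnings.add("userinfo-before-@")        # slide 43: text before '@' is not the host
    if "%" in parts.netloc.rpartition("@")[2]:
        warnings.add("percent-encoded-host")     # slide 45: host hidden behind %xx escapes
    if is_ip(host):
        warnings.add("ip-address-host")          # slides 43 and 45
    on_trusted = host == trusted or host.endswith("." + trusted)
    if trusted in host and not on_trusted:
        warnings.add("trusted-name-not-at-end")  # slide 44: trusted name is only a prefix
    if shown_text and "://" in shown_text and real_host(shown_text) != host:
        warnings.add("text-differs-from-href")   # slide 42: visible URL is not the target
    return host, sorted(warnings)


# (href, visible link text): URLs from slides 42-45, then one genuine link (constructed).
SAMPLES = [
    ("http://www.nood1ebank.com", "http://www.noodlebank.com"),
    ("http://www.NOODLEBANK.com@67.19.217.53", None),
    ("http://www.NOODLEBANK.com.securitycheck.secure-login.nood1ebank.com/login.asp", None),
    ("http://www.NOODLEBANK.com%00@%36%37%2e%31%39%2e%32%31%37%2e%35%33", None),
    ("http://www.noodlebank.com/login.asp", "http://www.noodlebank.com/login.asp"),
]

if __name__ == "__main__":
    for href, text in SAMPLES:
        print(href, "->", inspect_link(href, text))
```

The percent-decoding step does in code what the hex-to-ASCII converter on slide 46 does by hand.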
49. UNDERSTANDING FAKE MAIL
E-mail header analysis –
An email header is the information that travels with every email, containing details about the sender, route and receiver.
50. ANALYZING HEADERS
To see the Gmail header, click on the arrow button next to the “Reply” option, then click on “show original”.
51. Header of the mail sent by using “fakemailer”
Analyse Message ID
59. AVOIDING EMAIL FRAUD
• Keep one's email address as secret as possible
• Use a spam filter
• Notice the several spelling errors in the body of the "official looking" email
• Ignore unsolicited emails of all types, simply deleting them
• Don’t be greedy, since greed is often the element that allows one to be "hooked"