Answers – Phishing


Laboratory/Homework Assignment


Consider the following PayPal e-mail. The Web address in the box, http//211.248.156/Paypal/cgi-bin/webscrcmd_login.php, appears when the user ‘mouse-overs’ the “Click here to verify your account” link.


Lab Questions:
  1. Complete the following security checklist for this program (print the checklist).
  2. List any sentence, phrase or word that makes the e-mail a suspected phish.

Security Checklist


Vulnerability: Phishing
Course: Computer Literacy

Task – Read the e-mail carefully; answer yes/no in the space provided. (Yes/No)
1. Were there suspicious words, phrases or sentences?  No
2. Were there suspicious links?  Yes
3. Are there grammatical or spelling errors in the e-mail?  No
4. Does the e-mail start with a generic greeting?  Yes
5. Does the e-mail contain any pop-up boxes or attachments?  No
6. Does the e-mail contain an air of urgency or a need to respond immediately?  Yes
7. Does the email ask you for personal information such as passwords and social security number?  No
If you answered yes to any of the above questions, then the e-mail is a suspected phishing mail.  
 

Discussion Questions

  1. Play at least two games of Anti-Phishing Phil at http://wombatsecurity.com/antiphishingphil. Create a “blacklist” of the phishing Web site addresses you encountered, and a “whitelist” of the legitimate Web sites. (Hint: see the section on Anti-phishing Technologies.) Describe how the Anti-Phishing Phil experience has helped you to better recognize phishing Web sites. What are your likes and dislikes about the game? Are there any suggestion(s) that you would like to provide so as to improve it? If so, explain.

Answers: will vary

Blacklist

Whitelist

http://147.46.236.55/PayPal/login.html

http://www.wellsfargo.com

http://165.246.121.80/hsbc

http://www.paypal.com

http://80.157.192.106/www.bankofamerica.com/

http://www.chase.com

http://www.msn-verify.com

http://www.att.com

http://signin.ebay.updateacc.cc.com/Signin.html

http://mbnanetaccess.com

http://chaseonline.chase.com/

http://citibusinessonline.da-us.citibank-updates.com/

http://mbnanetaccess.com

http://www.citibanking.net
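
The cues that separate the two lists above (a raw IP address as the host, or a brand name appearing anywhere except the brand's own domain) can be checked mechanically. The following is an added example, not part of the original assignment; the brand-to-domain map and the "last two labels" domain rule are assumptions made for the illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed brand -> legitimate domain map, built for this example only.
BRANDS = {
    "paypal": "paypal.com", "hsbc": "hsbc.com", "chase": "chase.com",
    "bankofamerica": "bankofamerica.com", "msn": "msn.com",
    "ebay": "ebay.com", "citibank": "citibank.com",
    "wellsfargo": "wellsfargo.com",
}

# URLs copied from the sample blacklist and whitelist in the answer above.
BLACKLIST = [
    "http://147.46.236.55/PayPal/login.html",
    "http://165.246.121.80/hsbc",
    "http://80.157.192.106/www.bankofamerica.com/",
    "http://www.msn-verify.com",
    "http://signin.ebay.updateacc.cc.com/Signin.html",
    "http://citibusinessonline.da-us.citibank-updates.com/",
    "http://www.citibanking.net",
]
WHITELIST = [
    "http://www.wellsfargo.com", "http://www.paypal.com",
    "http://www.chase.com", "http://www.att.com",
    "http://mbnanetaccess.com", "http://chaseonline.chase.com/",
]

def registrable(host):
    # Simplification (assumption): the last two labels form the domain.
    # Production code should consult the Public Suffix List (.co.uk etc.).
    return ".".join(host.split(".")[-2:])

def red_flags(url):
    """Return the URL red flags found; an empty list means none matched."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    flags = []
    try:
        ipaddress.ip_address(host)      # raises ValueError for a DNS name
        flags.append("ip-address-host")
    except ValueError:
        pass
    text = (host + parts.path).lower()
    for brand, real in BRANDS.items():
        # Brand named in host or path, but the site is not the brand's own.
        if brand in text and registrable(host) != real:
            flags.append(f"brand-outside-its-domain:{brand}")
    return flags
```

An empty result only means these two cues were absent; the substring match is coarse (a word such as "purchase" contains "chase"), so a flag is a reason to look closer, not a verdict.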

2. Visit the PhishGuru Web site, http://phishguru.org/, and download at least two additional messages. What is PhishGuru? What new anti-phishing advice were you offered from these messages? Create your own message that would be displayed whenever a user mistakenly opens a phishing e-mail.

Answer: 

  •  http://usabletrust.com/phishGuru/training/generalhelp.pdf
  • The phishGuru website defines PhishGuru as follows: “PhishGuru™ is an email-based anti-phishing training system in which training messages are designed to look like phishing messages. When users “fall” for our messages, we take advantage of the “teachable moment” and immediately teach them how to avoid falling for real scams. Our studies demonstrate that PhishGuru effectively teaches people what cues to look for to distinguish scams from legitimate email.”

3. Take the “SonicWall Phishing and Spam IQ Test” a couple of times (http://www.sonicwall.com/phishing/). What was your maximum score? Look at the test result sheet, and give the name that appears in the “Subject” column for three of the questions. For each of the subjects, click on the “Why?” link that appears under the “Explain Answer Column.” The e-mail you viewed for that question should re-appear—this time with explanations. Copy one of the given explanations for each of the e-mails.


Answer:

  • For maximum score: have students display all the scores highlighting the maximum
  • Subject Names: Paypal, Wells Fargo, IRS
  • Answers will vary

Further Work (optional – check with your instructor if you need to answer the following questions)
  1. In recent years, a more insidious form of phishing, known as spear phishing, has taken root. Spear phishing is customized to a particular user. It often addresses the recipient directly (by name) and may include other personal information about the user. Provide a recent example of spear phishing and discuss the peculiarities of the e-mail that makes it a suspected phish. Your example could be taken from an e-mail you or someone you know received, from a handout from your instructor, or from a recent newspaper or Web article.

Answer: Answers may vary. Students can use examples from their own e-mail, from SonicWall Phishing, etc.

2. Pharming is yet another recent form of phishing, which automatically redirects the user to a fake Web site—no clicking required. Give a recent example of pharming and discuss the peculiarities of the e-mail that makes it a suspected phish. Again, your example could be taken from an e-mail you or someone you know received, a handout from your instructor, or from a recent newspaper or Web article.


Answer: Answers may vary. Students can use examples from their own e-mail, from SonicWall Phishing, etc.


View more information: http://cisserv1.towson.edu/~cssecinj/modules/computer-literacy/phishing-2/answers-phishing/
