
Assignment No. 04
Fall 2015
Information Systems CS507
Total Marks: 15
Due Date: 04/02/2016

1. A bank “ABC” offers online banking services to its customers. Customers enter their personal account information and also use a personal email account for different acknowledgments from the bank. Confidentiality of customers’ records has very high priority for the bank for online transactions. There are different possible online security threats which have to be considered. A few of these are:
• Phishing
• Scareware
10 Marks (5 + 5)
a) Explain briefly how “Phishing” and “Scareware” can affect/attack customers’ data. You have to discuss the attacking technique of both these threats in separate paragraphs, showing how they deceive users.
b) What are possible preventive methods to handle the above-mentioned threats?
2. How can the “cloud” be helpful in keeping online data secure? 5 Marks

Best of luck

Replies to This Discussion

thanks Shahid

My pleasure.

Can I submit my assignment on Friday 5 Feb? Or is 4 Feb the last date?

4

Oh no..

No extended date?

I think there will be an extended date, Shoaib Hussain.

They give one every time, and they give one in every assignment, so there will surely be one.

Then it's fine...

best of luck :)

Thanks

You're welcome

Syed Naveed haider

Mc140400680

Assignment no 4

CS507

 

  1. A.    

Phishing:

First we should know what phishing is. Phishing is a form of fraud in which the attacker tries to get information such as usernames, passwords, and credit card details by masquerading as a reputable entity or person in email, IM or other communication channels.

 

Usually a user receives a message that appears to have been sent by a known contact or organization, and the message contains an attachment or links that may install malware on the user’s device when the user clicks it, or direct them to a malicious website set up to trick them into divulging personal and financial information, such as passwords, account IDs or credit card details. Phishing is popular with cybercriminals, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate email than trying to break through a computer’s defenses. The cybercriminals employ the techniques of professional marketers to identify the most effective types of messages: the phishing "hooks" that get the highest "open" or click-through rate and the Facebook posts that generate the most likes. In order to make phishing messages look like they are genuinely from a well-known company, attackers include logos and other identifying information taken directly from that company’s website. The use of subdomains and misspelled URLs are common tricks, as is homograph spoofing: URLs created using different logical characters to read exactly like a trusted domain. Some phishing scams use JavaScript to place a picture of a legitimate URL over a browser’s address bar.

 

Phishing techniques and deception to user:

Link manipulation:

Most phishing uses some form of technical deception designed to make a link in an email and the spoofed website appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are the common tricks used by phishers.

Website forgery:

Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original bar and opening up a new one with the legitimate URL. An attacker can even use flaws in a trusted website's own scripts against the victim. These types of attacks, called cross-site scripting, are particularly problematic.

Tabnabbing:

This method silently redirects the user to the affected site. This technique operates in reverse to most phishing techniques in that it doesn't directly take you to the fraudulent site, but instead loads their fake page in one of your open tabs.

Evil twins:

It is a phishing technique that is hard to detect. A phisher creates a fake wireless network that looks similar to a legitimate public network that may be found in public places such as airports, hotels or coffee shops. Whenever someone logs on to the bogus network, fraudsters try to capture their passwords and/or credit card information.

Other techniques are:

  • Clone phishing
  • Filter evasion
  • Covert Redirect
  • Phone phishing

 

Scareware:

 

First we should know what scareware is. Scareware is a type of malware designed to trick victims into purchasing and downloading useless and potentially dangerous software, or it is a form of malicious software that uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software.

 

Usually in scareware, the criminals convince users that a virus has infected their computers and suggest that they download fake antivirus software to remove it. Usually the virus is entirely fictional and the software is non-functional or malware itself. Some websites display pop-up advertisement windows or banners with text such as: "Your computer may be infected with harmful spyware programs. Immediate removal may be required. To scan, click 'Yes' below." These websites can go as far as saying that a user's job and career would be at risk. Once the unsuspecting user downloads and installs the scareware application that is supposed to fix the "problem", a malicious payload may also be installed on the computer that can be used to harvest a user's personal data or control the victim's PC remotely to carry out other attacks. Some scareware's sole purpose is to make money for its developers.

 

Scareware techniques and deception to user:

 

Advertisements windows:

Advertisements on some web pages offer antivirus software, and once the user clicks the advertisement a malicious payload may also be installed on the computer that can be used to harvest a user's personal data or control the victim's PC.

Landing on the Fake Malware Warning Site:

Visiting the once-legitimate URL landed the victim on a scammy scareware page, designed to persuade the person to contact "Microsoft Certified Live Technicians" at the specified toll-free phone number. The site employed social engineering techniques employed by rogue antivirus tools. Such schemes present victims with fake virus warnings, designed to scare people into submission.

Preventive methods of phishing and scareware:

  • Do not click on links, download files or open attachments in emails from unknown senders
  • Never enter personal information in a pop-up screen
  • Protect your computer with a firewall, spam filters, anti-virus and anti-spyware software
  • Communicate personal information only via phone or secure web sites
  • Convert HTML email into text-only email messages or disable HTML email messages.
  • Security awareness training, or teach your associates what good emails look like. Try to teach and show people what bad emails tend to look like.

 

 

 

B) Cloud computing, also known as 'on-demand computing', is a kind of Internet-based computing, where shared resources, data and information are provided to computers and other devices on-demand. It works by storing your files on a server out in the internet somewhere rather than on your local hard drive. This allows you to back up, sync, and access your data across multiple devices as long as they have internet capability.

Two-step password verification: Research has shown that up to 90 percent of user-created passwords are vulnerable to hacking. But cloud storage services offer two-step verification, the second step being an email or text, so in the event that a hacker is able to decipher your password, they won’t be able to do anything without the second step. In this way cloud computing ensures the safety of online data.

Encrypted files: Encryption is another key element of cloud protection, especially for the most sensitive data. Good encryption software adds another strong layer of protection to your data before sending it to the cloud.

Install anti-virus software: You should have this software already installed on your computers. If you haven’t, definitely do so before reverting to cloud storage. Anti-virus and anti-malware software prevents malicious software programs like keyloggers and Trojans from hacking your system.
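The link tricks named in the answer above (subdomains, misspelled URLs, homograph spoofing, and link text that hides the real destination) can be checked on the receiving side before a user ever clicks. The Python below is an added example, not part of any post in this thread; the domain `abcbank.example`, the flag names and the sample email body are constructed for illustration.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = "abcbank.example"  # assumed placeholder for the bank's real domain

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, text, trusted=TRUSTED):
    """Return warning flags for one link; an empty list means nothing was found."""
    host = (urlsplit(href).hostname or "").rstrip(".")
    if not host or host == trusted or host.endswith("." + trusted):
        return []
    flags, labels, brand = [], host.split("."), trusted.split(".")[0]
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        flags.append("non-ascii-or-punycode")   # possible homograph spoofing
    if brand in labels[:-2]:
        flags.append("brand-in-subdomain")      # trusted name is only a prefix
    # Simplification: treat the second-to-last label as the registered name.
    if difflib.SequenceMatcher(None, labels[-2:][0], brand).ratio() >= 0.8:
        flags.append("lookalike-name")          # misspelled or near-identical
    if text and " " not in text and "." in text:  # visible text is itself a URL
        shown = urlsplit(text if "://" in text else "//" + text).hostname
        if shown and shown != host:
            flags.append("text-href-mismatch")
    return flags

def scan_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}

SAMPLE = (  # constructed email body, not taken from the page
    '<a href="http://abcbank.example.login-verify.test/a">https://abcbank.example/login</a>'
    '<a href="https://abcbnak.example/">Verify now</a>'
    '<a href="https://\u0430bcbank.example/">Support</a>'  # Cyrillic "a"
    '<a href="https://www.abcbank.example/help">Help</a>')
```

Calling `scan_email(SAMPLE)` returns a dictionary mapping each link to its flags; only the last link, which really sits under the trusted domain, comes back with an empty list.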
