Assignment No. 04
Information Systems CS507
Total Marks: 15
Due Date: 04/02/2016
1. A bank “ABC” offers online banking services to its customers. Customers enter their
personal account information and uses personal email account also for different
acknowledgments from bank. Confidentiality of customers’ record has very high priority
for bank for online transactions. There are different possible online security threats
which have to be considered. Few of these are:
• Scareware 10 Marks (5 + 5)
a) Explain briefly that how “Phishing” and “Scareware” can affect /attack customer’s
data. You have to discuss attacking technique of both these threats in separate
paragraphs that how they deceive users.
b) What are possible preventive methods to handle above mentioned threats
2. How “cloud “can be helpful in keeping online data secure? 5 Marks
Best of luck
Can I submit my assignment on Friday 5 Feb? Or 4 Feb is a last date?
No any extended date?
i think extended day ho ga shoaib hussain
har bar data han and har assign main data han to zaroor ho ga
Phir theek hai...
best of luck :)
Syed Naveed haider
Assignment no 4
First we should have the knowledge that what is phishing. Phishing is a form of fraud in which the attacker tries to get the information such as usernames, passwords, and credit cards details by masquerading as a reputable entity or person in email, IM or other communication channels.
Phishing techniques and deception to user:
Mostly phishing use some form of technical deception designed to make a link in an email and the spoofed websites appear to belong to the spoofed organization. Misspelled URLs or the use of sub domains are the common tricks used by phishers.
This method silently redirects the user to the affected site. This technique operates in reverse to most phishing techniques in that it doesn't directly take you to the fraudulent site, but instead loads their fake page in one of your open tabs.
It is a phishing technique that is hard to detect. A phisher creates a fake wireless network that looks similar to a legitimate public network that may be found in public places such as airports, hotels or coffee shops. Whenever someone logs on to the bogus network, fraudsters try to capture their passwords and/or credit card information.
Other techniques are as
First we should have the knowledge that what is Scareware. Scareware is a type of malware designed to trick victims into purchasing and downloading useless and potentially dangerous software or it is a form of malicious software that uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software.
Usually in scarewere the criminals convincing the users that virus has infected their computers and suggesting them to download fake antivirus software to remove it. Usually the virus is entirely fictional and the software is non-functional or malware itself. Some websites display pop-up advertisement windows or banners with text such as: "Your computer may be infected with harmful spyware programs. Immediate removal may be required. To scan, click 'Yes' below." These websites can go as far as saying that a user's job and career would be at risk. Once the unsuspecting user downloads and installs the Scareware application that is supposed to fix the "problem", a malicious payload may also be installed on the computer that can be used to harvest a user's personal data or control the victim's PC remotely to carry out other attacks. Some Scareware's sole purpose is to make money for its developers.
scarewere techniques and deception to user:
Advertisements on some WebPages that offering the antivirus and once the user click the advertisement a malicious payload may also be installed on the computer that can be used to harvest a user's personal data or control the victim's PC
Landing on the Fake Malware Warning Site:
Visiting the once-legitimate URL landed the victim on a scammy scareware page, designed to persuade the person to contact "Microsoft Certified Live Technicians" at the specified toll-free phone number. The site employed social engineering techniques employed by rogue antivirus tools. Such schemes present victims with fake virus warnings, designed to scare people into submission.
Preventive methods of phishing and scarewere:
B) Cloud computing, also known as 'on-demand computing', is a kind of Internet-based computing, where shared resources, data and information are provided to computers and other devices on-demand. It works by storing your files on a server out in the internet somewhere rather than on your local hard drive. This allows you to back up, sync, and access your data across multiple devices as long as they have internet capability.
Two-step of password verification. Research has shown that up to 90 percent of user-created passwords is vulnerable to hacking. But the cloud storage services offer two-step verification, the second step being an email or text, so in the event that a hacker is able to decipher your password, they won’t be able to do anything without the second step. In this way cloud computing ensure the safety of online data.
Encrypted files: Encryption is another key element of cloud protection, especially for the most sensitive data. Good encryption software adds another strong layer of protection to your data before sending it to the cloud.
Install anti-virus software: You should have this software already installed on your computers. If you haven’t, definitely do so before reverting to cloud storage. Anti-virus and anti-malware software prevents malicious software programs like keyloggers and Trojans from hacking your system.