How to Detect a Phish– Cisco Security Tools
Even though Internet mail systems contain many different checks, a large amount of spam and phishing email—especially well-researched spear phishing—is still delivered. You still need to know how to detect spam and phishing emails.
Begin by checking the destination email addresses. If the destination email address is not your actual address, the mail is addressed to many people you do not know, or you are “blind copied” on the email, the email is probably spam or phishing.
Next, look at the source email address. Mail clients often show only a display name (such as "Support Team"), which the sender chooses freely, so expand or copy the actual address. A good technique is to copy the source email address to your clipboard and paste it into a text editor (like Notepad on Windows or TextEdit on macOS). Look at the sender's domain, the part after the @ symbol. If the sender's domain does not match the domain of the links in the mail, and the mail is not a newsletter, the mail is probably spam or a phish. Keep in mind that the From address is easy to forge, so a matching domain is not proof that the mail is legitimate.
If you have an account with the sender’s organization, open their website and log in manually; do not click any links. Once you are in your account, check the information in the mail using menus, searching, etc. You should never click on the link in an email unless you are certain the mail is valid, and the link is good.
Even if the mail looks legitimate, do not click on the links.
Instead, right-click or Ctrl-click on any linked text, copy the link location, and paste it into a text editor. Once you paste the link, find the host name: it is the part between the :// and the first single / that follows. Phishing links bury lookalike strings elsewhere in the URL, so ignore everything after that first slash (the path and query string), and ignore anything before an @ sign in the host part, which a browser treats as a user name rather than a destination. Within the host name, the owner is identified by the rightmost labels: a link to examplebank.com.login-verify.example belongs to login-verify.example, not to examplebank.com. Ensure you find the actual domain, not a string that merely looks like one in the middle of the link.
Once you find the domain, check it against the sender’s domain.
You can also look up, or enter in a browser, the bare domain with nothing else from the link to see where it leads. Do not enter the full link: the path and query string of a phishing link often carry a tracking token that tells the attacker which recipient opened the mail.
Finally, do not download and open attachments unless you know the sender. Even if you know the sender, be careful with attachments, as attackers can take over or hijack a user’s mail account.
If you find the email is spam or phishing, you can use a Whois tool on the Internet to look up the domain name (or the IP address the link points to). The Whois record lists an abuse contact email address for the registrar or hosting provider. Forward the spam or phishing email, with its full headers, to that abuse address. You can also report spam and phishing emails to your own mail provider; many mail clients have a report-phishing option for this.
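The link and sender checks above can be done mechanically. The following is an added example, not part of the original text: it pulls the sender's domain out of a From: header, extracts the host a browser would actually connect to from each link, and compares the two. The message, addresses and links are constructed for illustration (the .example top-level domain is reserved for exactly this purpose). The registrable-domain logic is a deliberate simplification; real tooling would consult the Public Suffix List.

```python
"""Compare the links in a suspicious email with the sender's domain.

Added example using only the Python standard library. The sample From:
header and link targets below are constructed; they do not come from a
real message.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: the From: header and the link targets pasted out of a mail.
SENDER = "Support Team <security-alert@mail.examplebank.example>"
LINKS = [
    "https://www.examplebank.example/alerts/1234",
    "https://examplebank.example.login-verify.example/session?u=examplebank.example",
    "https://examplebank.example@accounts-check.example/login",
    "http://198.51.100.23/secure/verify",
    "https://newsletter.examplebank.example/unsubscribe",
]


def address_domain(header_value):
    """Return the domain of the address in a From: header.

    The display name ("Support Team") is ignored: only the part after the @
    in the angle-bracketed address counts, because display names are chosen
    freely by whoever sent the mail.
    """
    m = re.search(r"<([^>]+)>", header_value)
    addr = m.group(1) if m else header_value.strip()
    return addr.rsplit("@", 1)[-1].lower()


def link_host(url):
    """Return the host a browser would actually connect to for this URL.

    urlsplit() treats anything before '@' in the authority as user info, so
    'https://examplebank.example@accounts-check.example/' yields
    'accounts-check.example'. The path and query string are discarded; that
    is where phishing links hide lookalike strings.
    """
    return (urlsplit(url).hostname or "").lower()


def registrable_domain(host):
    """Naive registrable domain: the last two labels of the host name.

    Assumption for this example only. Suffixes such as co.uk need the Public
    Suffix List. An IPv4 literal has no registrable domain and is returned as-is.
    """
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        return host
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def check_links(sender_header, links):
    """Classify each link relative to the sender's registrable domain.

    MATCH     - link host belongs to the sender's domain
    LOOKALIKE - sender's domain appears somewhere in the URL but the host
                belongs to someone else (subdomain trick, user-info trick,
                or the name buried in the path)
    MISMATCH  - unrelated host (here, a bare IP address)
    """
    sender_dom = registrable_domain(address_domain(sender_header))
    results = []
    for url in links:
        host = link_host(url)
        if registrable_domain(host) == sender_dom:
            verdict = "MATCH"
        elif sender_dom in url.lower():
            verdict = "LOOKALIKE"
        else:
            verdict = "MISMATCH"
        results.append((url, host, verdict))
    return results


if __name__ == "__main__":
    for url, host, verdict in check_links(SENDER, LINKS):
        print(f"{verdict:9} host={host:42} {url}")
```

Anything other than MATCH is a reason to log in manually rather than follow the link; LOOKALIKE in particular is the signature of a crafted phish rather than an accident.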
Encryption
Previous sections have discussed many ways encryption is used in information security. We rely on encryption for
• Confidentiality, or keeping our communications and information confidential.
• Integrity, or proving no one has changed a piece of data between the sender and receiver.
• Nonrepudiation, or proving a sender sent a piece of information.
• Authentication, or proving a person is who they say they are.
Up to this point, however, we have not explored how encryption works. Encryption essentially performs a complex mathematical operation that combines data with a key, resulting in unreadable data. The process can be reversed to retrieve the original text. Figure 20-10 illustrates how basic encryption works.
Figure 20-10 Encryption
1. A cipher mathematically combines a key and clear text to create cipher text.
2. The key used to create the cipher text is transferred to the receiver over some channel the attacker cannot read.
3. The cipher text is transmitted to the receiver across a network (or in some other way).
4. The receiver mathematically combines the key and the ciphertext to recover the clear text.
Figure 20-10 illustrates symmetric or shared key cryptography because the sender and receiver use the same key to encrypt and decrypt the data. Protocols like HTTP over TLS (HTTPS), QUIC, and Transport Layer Security (TLS) all use symmetric cryptography to protect the bulk of the information traveling between the sender and receiver; the symmetric keys themselves are set up with the public key techniques described later in this section.
The primary advantages of symmetric cryptography are
• It is simpler to implement than other forms of cryptography.
• Converting from plain text to cipher text and back is fast and inexpensive. Symmetric ciphers such as AES are supported by dedicated instructions in modern CPUs and by specialized hardware, and even in software they run orders of magnitude faster than public key operations. Public key operations can also be accelerated in hardware, but they remain far more expensive per byte.
The primary disadvantage of symmetric encryption is that anyone who has the key can both encrypt and decrypt the data. If an attacker somehow gets the key you are using for symmetric cryptography, they can read your encrypted messages and send information that looks like it came from you.
Symmetric cryptography is often called secret key cryptography because the key must be protected to keep the communication channel secure.
Is there some way to encrypt data without using a key both sides of the conversation must keep secret? Yes: public key encryption. Figure 20-11 illustrates public key encryption.
Figure 20-11 Public Key Encryption
In public key encryption, as with private key or symmetric encryption, a key is combined with data to create ciphertext.
The receiver then reverses the process to recover the original clear text. However, public key encryption uses two different keys rather than a single shared key. In Figure 20-11:
1. The user generates a key pair: a private key and a public key that is mathematically derived from it. The two keys are related so that what one key encrypts only the other can decrypt, yet deriving the private key from the public key is computationally infeasible. The public key is published on a website, through DNS, in a directory service, etc. The private key is held privately by its owner and never shared.
2. The sender combines the receiver's public key with the clear text to create the cipher text.
3. The cipher text is transmitted across a network to the receiver.
4. The receiver combines its own private key with the cipher text (decrypts the cipher text) to recover the original clear text. Only the holder of the private key can do this; the public key cannot undo its own encryption.
Reversing the roles of the keys gives a digital signature rather than confidentiality: if the sender transforms data with its own private key, anyone holding the sender's public key can reverse the transformation. That proves the data came from the holder of the private key, but it keeps nothing secret, because the public key is, by definition, public.
Public key cryptography systems have two keys, one of which can be published, while the other must be kept secret.
Public key or asymmetric cryptography has one advantage over private key cryptography: the sender and receiver do not need to share a secret key. Because of this, public key cryptography systems can be used over open networks, like the Internet, to create secure communication channels and cryptographic signatures.
The disadvantages of public key cryptography are as follows:
• Public key cryptography is more complex to implement, so implementation mistakes are more likely.
• Public key cryptography requires far more processing power, so it is slower and more expensive than private key cryptography. Because asymmetric cryptography is computationally expensive, it is not generally used to encrypt large amounts of data, such as a video or audio stream. Instead, public key operations are applied to small, fixed-size inputs, typically a symmetric key or the hash of a message, and the bulk data is protected with symmetric cryptography.
The terms block cipher and stream cipher describe how a symmetric cipher processes data, not what kind of data it protects. A block cipher (AES, for example) transforms one fixed-size block at a time, typically 128 bits, and a mode of operation chains blocks together so that data of any length, including a continuous stream, can be encrypted. A stream cipher derives a pseudorandom keystream from the key and combines it, usually with XOR, with the data byte by byte as it arrives, so encryption and decryption are the same operation.
Public key cryptography is, however, widely used for exchanging symmetric (secret) keys and creating digital signatures.
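The division of labor described in this section (a public key pair to move a secret key and to sign, symmetric cryptography for the bulk data) and the two roles of the keys in Figure 20-11 can be seen end to end in a few lines of code. The following is an added example, not from the original text or from any protocol's implementation, using only the Python standard library. Its assumptions: the RSA key pairs are textbook RSA built from hard-coded Mersenne primes with no padding, so they are far too small and too raw for real use and exist only to make the key roles visible; the bulk cipher is a stream cipher built from HMAC-SHA256 in counter mode, standing in for AES because the standard library has no block cipher; the signed digest is truncated so it fits under the toy modulus; and nothing authenticates the ciphertext, which a real protocol such as TLS always does.

```python
"""Symmetric vs. public key cryptography: key transport, bulk data, signatures.

Added example, standard library only. Textbook RSA with toy Mersenne primes and
no padding, plus an HMAC-SHA256 counter-mode keystream in place of AES.
Illustration only; not for production use.
"""
import hashlib
import hmac
import secrets

# Toy primes (all Mersenne primes, so their primality is certain). Real keys use
# randomly generated primes of 1024+ bits each; these are ~200-bit moduli.
P_RECV, Q_RECV = (1 << 61) - 1, (1 << 127) - 1     # receiver's key pair
P_SEND, Q_SEND = (1 << 89) - 1, (1 << 107) - 1     # sender's key pair


def rsa_keygen(p, q, e=65537):
    """Return (public, private) = ((n, e), (n, d)) for primes p and q.

    d is derived from p and q. With real-sized primes, recovering d from the
    public (n, e) alone would require factoring n, which is infeasible.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                 # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def rsa_apply(key, m):
    """Raw RSA: m ** exp mod n. The same operation whichever key is passed."""
    n, exp = key
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, exp, n)


RECEIVER_PUB, RECEIVER_PRIV = rsa_keygen(P_RECV, Q_RECV)
SENDER_PUB, SENDER_PRIV = rsa_keygen(P_SEND, Q_SEND)


def keystream_xor(key, nonce, data):
    """Stream cipher: XOR data with HMAC-SHA256(key, nonce || counter) blocks.

    Encryption and decryption are the same call. A (key, nonce) pair must never
    be reused, or two ciphertexts XOR to the XOR of their plaintexts.
    """
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256)
        stream.extend(block.digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def hybrid_encrypt(receiver_pub, plaintext):
    """Wrap a fresh symmetric key with the receiver's PUBLIC key; encrypt bulk data with it."""
    k = secrets.token_bytes(16)                         # 128-bit symmetric key
    nonce = secrets.token_bytes(16)
    wrapped = rsa_apply(receiver_pub, int.from_bytes(k, "big"))
    return wrapped, nonce, keystream_xor(k, nonce, plaintext)


def hybrid_decrypt(receiver_priv, wrapped, nonce, ciphertext):
    """Only the receiver's PRIVATE key can unwrap the symmetric key."""
    k = rsa_apply(receiver_priv, wrapped).to_bytes(16, "big")
    return keystream_xor(k, nonce, ciphertext)


def digest_int(message):
    """SHA-256 of the message, truncated to 24 bytes so it fits under the toy
    modulus. Real signatures use a padding scheme (e.g. RSA-PSS) instead."""
    return int.from_bytes(hashlib.sha256(message).digest()[:24], "big")


def sign(sender_priv, message):
    """Signature: transform the digest with the sender's PRIVATE key."""
    return rsa_apply(sender_priv, digest_int(message))


def verify(sender_pub, message, signature):
    """Anyone with the sender's PUBLIC key can check the signature."""
    return rsa_apply(sender_pub, signature) == digest_int(message)


def public_key_reverses_private(priv, pub, m):
    """Transform with the private key, reverse with the public key.

    This works, and it is exactly why it gives a signature rather than secrecy:
    everyone has the public key, so everyone can recover m.
    """
    return rsa_apply(pub, rsa_apply(priv, m)) == m


if __name__ == "__main__":
    msg = b"Wire transfer approved: reference 12345"      # constructed sample
    wrapped, nonce, ct = hybrid_encrypt(RECEIVER_PUB, msg)
    print("ciphertext hex:", ct.hex())
    print("recovered:", hybrid_decrypt(RECEIVER_PRIV, wrapped, nonce, ct))
    sig = sign(SENDER_PRIV, msg)
    print("signature valid:", verify(SENDER_PUB, msg, sig))
    print("tampered valid:", verify(SENDER_PUB, msg + b"0", sig))
    print("public key undoes private key:", public_key_reverses_private(SENDER_PRIV, SENDER_PUB, 424242))
```

The expensive public key operations touch only a 16-byte key and a 24-byte digest; the message itself, however long, is handled by the symmetric keystream. That is the arrangement TLS and QUIC use in practice, with real padding, real key sizes and an authentication tag on the ciphertext.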