Bits of Bytes.co

IGCSE / GCSE Computer Science

Online Systems Security


The other segments of section '1.4 Security' have looked at keeping the source of data secure and keeping it safe during transmission.  The final piece of the puzzle is to consider how you keep online services secure from attacks.  Unfortunately, a number of different attacks have been developed to try to undermine the security of online services with the intent of stealing data for malicious reasons.  Some of the attacks that we will cover in this section include phishing, DOS, pharming, Trojan horse emails and virus generated emails.

Phishing
You may have noticed that the term phishing is very similar to fishing. This is not an accident: the terms are similar because the processes are similar too.
How Fishing works:
  1. There are billions of fish in the sea
  2. A fishing boat will cast a large net into the sea
  3. The fishermen know that they will not catch every fish, but a very small percentage will result in a full net and a successful catch

How Phishing Works:
  1. There are billions of people with email addresses
  2. A scammer will get access to millions of these email addresses
  3. The scammer will send a deceptive email to millions of email addresses (their fishing net)
  4. The scammer knows that they will not trick every person with an email, however if a small percentage fall for it, it can be profitable

How do they trick people?
Now that we understand that phishing is the process of sending millions of scamming emails with the hope that a small number will fall for the scams, it is important that we understand what the scams look like and why people fall for them.

Phishing email Key points

A phishing email disguises itself to look like a legitimate email from a well-known organisation e.g. Facebook, eBay or PayPal.

The email will try to persuade you to click on a link that will take you to a fake website that looks identical to the actual organisation's website.

Once the victim has followed the link they may enter their login details, banking details or personal information.  The victim thinks that this is OK as the website looks like their trusted organisation's website. However, all they have done is give away their details to the scammer.

How to Spot a Phishing Email

There are lots of telltale signs that you should look out for to avoid falling for phishing scams. The first and perhaps most important is the fact that all large organisations, e.g. banks, social media and eCommerce sites, have agreed that they will never send customers an email with a link to their website requesting a password change.  If a large organisation does require you to take some sort of action they will email you with a request for you to manually go to the website.  This process was agreed upon as a preventative measure against phishing scams.

There are usually many other telltale signs that a phishing email is a scam. These are:
  • The greeting will be impersonal - as they do not know your name e.g. Dear Customer
  • Strange sender's address - can be a variation on the real address e.g. xxx@facebook123.com
  • Fake links - the link will take you to a phony website and the actual destination can be disguised
  • They will request your personal information - as already explained, organisations will not do this
  • Urgency - The emails will often try to put you under time pressure in an attempt to make you act before thinking e.g. Change your password within 24 hours or your account will be closed
  • Spelling / Grammar - Look out for spelling mistakes or bad grammar! A lot of scammers did not pass English class!
[Image: an example of a phishing email that initially appears to be from Amazon]
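The telltale signs listed above can also be checked automatically. The following is an added example, not part of the original page: it runs over a constructed sample email and reports which signs it finds. The function name `phishing_signs`, the word patterns and the trusted domain list are assumptions chosen for illustration, and the spelling / grammar sign is not checked.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: every address and URL in it is made up.
SAMPLE = """\
From: Facebook Security <xxx@facebook123.com>
Subject: Change your password within 24 hours

<p>Dear Customer,</p>
<p>Change your password within 24 hours or your account will be closed.</p>
<p><a href="http://login.example.net/reset">https://www.facebook.com/reset</a></p>
"""

TEXT_SIGNS = [  # (pattern, telltale sign it indicates)
    (r"dear (customer|user|member)", "impersonal greeting"),
    (r"within \d+ hours|will be closed", "urgency"),
    (r"password|bank details|card number", "requests personal information"),
]

class LinkCollector(HTMLParser):  # gathers [href, visible text] per <a>
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.in_link = True
            self.links.append([dict(attrs).get("href") or "", ""])
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data.strip()
    def handle_endtag(self, tag):
        if tag == "a":
            self.in_link = False

def phishing_signs(raw, trusted_domains):
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signs = [] if sender_domain in trusted_domains else ["strange sender address"]
    text = msg.get("Subject", "") + " " + body
    signs += [sign for pat, sign in TEXT_SIGNS if re.search(pat, text, re.I)]
    collector = LinkCollector()
    collector.feed(body)
    # Fake link: the visible text looks like a URL but the href goes elsewhere.
    signs += ["fake link" for href, shown in collector.links
              if urlparse(shown).hostname not in (None, urlparse(href).hostname)]
    return signs
```

Calling `phishing_signs(SAMPLE, {"facebook.com"})` reports all five signs, because the link displays a facebook.com address while its real destination is a different host.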
Other Email Threats
As well as phishing there are other threats that can occur through email. Two of these threats are:
Virus Generated Emails
Virus generated emails work similarly to phishing in that they will attempt to get the victim to click on a link that will lead to them handing over their personal or financial details. 

The dangerous difference is that the email will appear to have been sent by a friend thus giving you less reason to doubt the legitimacy of the link.

This type of email can occur if somebody downloads a virus that is programmed to send these emails. Once the virus is activated it can look in the contacts held on the local machine and send each one an email appearing to be from the owner of the infected machine.
Trojan Horse Emails
A Trojan horse email is again similar to phishing in that the threat arrives by email and aims to mislead the victim.

The difference is that a Trojan horse email is not trying to appear to be a legitimate organisation that you may have business with. Instead it attempts to offer the victim something interesting to look at; this could be a game, an image or a clickbait-style news headline.

When the user clicks to view the content, it will install some malware onto their computer. The malware can then take control of the victim's computer with malicious intent.
Pharming
Pharming is very similar to phishing, however it can be harder to spot.

Pharming occurs when malicious software that sits on a victim's computer monitors the user's web activity.  When the user types in a legitimate URL e.g. www.paypal.com, the malware will detect this and redirect the victim to a fake website e.g. www.paypal1.com

This is harder to spot than a phishing email as you do not have the obvious signs of a fake email to spot and the user will feel safe as they manually visited the website.

There are some ways to spot pharming attacks:
  • Once the web page has loaded, look again at the URL bar to check that it has not changed to a fake address
  • Before you click to confirm a payment, double check that the website is still using HTTPS not HTTP
  • Ensure that you have up-to-date antivirus software to detect pharming files on your computer
  • ISPs (Internet service providers) do take action to block redirects when they are aware of the attack
DOS - Denial of Service Attack
A Denial of Service attack is exactly what it sounds like.  The attack seeks to prevent users from accessing a digital service.

DOS attacks often work by spamming the service.  If the service is busy dealing with the spam it will slow or crash thus making it unusable.

Examples:

Email accounts can be spammed with thousands of emails. This will fill the inbox, exceed the allowed memory limit and cause legitimate emails to get lost in the spam...

Websites can be flooded with traffic that exceeds their bandwidth thus causing them to crash.

There are many reasons why people may perform a DOS attack:

Revenge - Shutting down somebody's website is a good way to get back at them
Terrorism - Shutting down digital services can be used as a terrorist attack e.g. taking down the government website
Blackmail - A hacker can cause a service to crash and then ask for money in return for fixing the DOS attack 
Est. 2015 - Copyright © 2020