Discussion Board
- The discussion assignment requires an Original Posting (main post) from you of 2-3 paragraphs answering the module's question. Discussion Question : Explain how phishing attacks work. Give an example of a recent phishing attack. In addition to your main post, you must post three responses to other posts made by your peers. Respond to your classmates with your point of view on their answers, offering constructive feedback. Make sure your opinion is substantiated with valid reasons and references to the concepts covered in the course. Peer 1: Email Formatting and Protocol Standards Emails have two categories for standards, formatting and protocol standards. The names are pretty self explanatory, formatting standards are what the email message layout is going to look like and protocol standards are the network protocols that the email servers use to interact with each other, theres one standard for delivery but multiple for obtaining email. With message formatting standards there are dozens of standards that describe details for internet email, a lot of them build off the others. The big formatting standard is one called RFC 822. This is the 822nd request for comments published by the ARPANET. Protocol standards start as internet drafts and then become RFCs when people actually consider using them. It becomes a standard when it's accepted by the internet community. There are two different kinds of email protocols, there are mailbox protocols and there are delivery protocols. Mailbox protocols talk about how email client software on someones computer obtains email from a personal mailbox on a server. Delivery protocols describe how the client takes and transmits the message to a server. Peer 2: D10 Ben Spam and Phishing Emails Spam and junk emails are annoying but most of the time are not harmless, as we can recognize a fake email. However, not everybody is as on guard. Phishing emails are scams sent via email to a mass amount of accounts designed to make the user input sensative information, like account username and passwords, or banking information. These can often take the form as trustworthy agencies like banks, government, or big social media companies. When in doubt, don't enter any information or click on any links. This is a common way for an attacker to steal your information, or run malicious code via a download, potentially even recruiting your computer into their botnet. Phishing attacks through email fall under the category of spam mail, however not all spam mail contains phishing attacks. Much of spam emails, and in fact the bulk of all email communications, is annoyingly persistent but harmless advertising. Many times, big corporations will auto-generate email usernames and send out copies of advertising, even though the majority of these auto-generated email will never open it. However, your email might also have been entered into a database for spam contact when signing up for various types of services, and when allowing them to send you promotions. Luckily most email clients in the modern age filter out much of the spam content by assigning each email a sort of "spam index." If it is over a certain score, it will be moved into a seperate folder. Peer 3: Common Email Protocols There are three common protocols used to deliver email over the Internet: the Simple Mail Transfer Protocol (SMTP), the Post Office Protocol (POP), and the Internet Message Access Protocol (IMAP). All three use TCP, and the last two are used for accessing electronic mailboxes. The IMAP protocol allows you to check emails from anywhere. Therefore, it ensures constant synchronization between your workstation and the server. Thus, your emails are better managed, sorted and classified. When you check your emails, you can ask to download only the headers or the body. This is a convenient solution if you do not want to download unnecessary attachments. You can also search from the server to see if an email is urgent or not. However, the IMAP protocol requires more resources on the server-side and download time can be increased, especially if connected by Modem. The POP protocol allows the recovery of emails located on a remote server. It manages the authentication of the account holder via his login credentials. Also, it offers the possibility to consult messages in offline mode. The POP protocol downloads emails to the server and stores them locally. After authenticating the recipients, it puts the messages on hold. Afterwards, emails can then be sent in bulk to a computer, stored or deleted on the server. However, it should be noted that the POP protocol is not adapted to mobile media and messages are not always synchronized with the server. The SMTP protocol centralizes the e-mails sent in a kind of special envelope, on which it places different tags, such as the name of the access provider, the name of the recipient and his email address.