URL spoofing and phishing are two closely related attacks. In most cases one attack comes into effect because of the other.
Phishing is the attempt to obtain confidential user information by masquerading as a trustworthy entity in an electronic communication, usually in the form of an e-mail or instant message. Electronic communications posing as messages sent from companies such as eBay, PayPal, YouTube and online banks are a common camouflage for scam artists. The fraudulent e-mails or messages usually direct a user to enter confidential information into an illegitimate website, where the attacker can easily gain access to the user's details. This is where URL spoofing comes into play.
URL spoofing is when one website poses as another website for malicious reasons. This attack involves the cloning of a legitimate web page, such as a bank site. The cloned site is created on another server under the control of the scam artist and is designed to deceive users into believing they are on a trusted site. Users then proceed to enter passwords or account details on this cloned website, allowing the attacker to happily steal and utilize the information for illicit reasons.
How do scam artists get your e-mail address?
Scam artists usually randomly generate e-mail addresses and then send out loads of spam and e-mails. They are always on the lookout for addresses lying around on the web. Anyone who has ever registered or published on an internet forum is likely to become a victim. Scam artists sometimes work together and share a database of users' e-mail addresses.
Here are a few simple things to be aware of with regard to phishing and spoofing:
- Don't give out passwords
Most businesses never require that you send passwords, login names, Social Security numbers, or any other private details via e-mail. It is best to ignore such e-mails.
- Beware of urgent responses
Scam artists want unsuspecting users to react without thinking, so they try to scare the user into acting quickly, e.g. 'Your account will be terminated, act now'.
- Check for your last name
Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.
- Check where the email came from
Ignore the details in the message header. Most programs can trace the origin of an e-mail. This is usually found under the options or properties tab. Contact your e-mail provider for instructions.
- Avoid certain links
Avoid links that you are urged to click on. Hover the mouse pointer over the link first, as it should reveal the real web address.
- Note the URL construction
If the URL contains dotted decimals (e.g. 153.562.28.01), the @ symbol or any other strange features, avoid it.
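The hover test and the URL-construction check from the list above can be automated over an HTML message body. The following is an added example, not part of the original article; the function names, flag names and sample hosts are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def authority(url):
    """Return (netloc, lower-cased hostname); ('', '') if the URL will not parse."""
    try:
        parts = urlsplit(url if "//" in url else "//" + url)
        return parts.netloc, (parts.hostname or "").lower()
    except ValueError:
        return "", ""

def check_link(href, text):
    """Flags for one link, mirroring the hover test and the URL-construction check."""
    if not re.match(r"https?://", href, re.I):
        return []                     # only absolute web links are inspected
    netloc, host = authority(href)
    flags = ["at-sign"] if "@" in netloc else []   # text before '@' is not the site
    if re.fullmatch(r"\d+(\.\d+){3}", host):        # dotted-decimal host
        flags.append("dotted-decimal")
    if re.match(r"(https?://|www\.)\S+$", text, re.I) and authority(text)[1] != host:
        flags.append("text-mismatch")   # displayed URL names another host
    return flags

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(href, check_link(href, text)) for href, text in parser.links]

# Constructed sample body; hosts and addresses are reserved documentation values.
SAMPLE = ('<a href="http://203.0.113.7/login">http://www.example.com/</a>'
          '<a href="http://www.example.com@phish.example.net/">Verify now</a>'
          '<a href="https://www.example.com/help">www.example.com/help</a>')
```

Calling scan(SAMPLE) flags the first two links and leaves the third, whose visible address matches its real destination, without flags.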
How does URL spoofing work?
The attacker exploits web browser bugs to display fake URLs in the browser location bar. For instance, the URL might say http://www.ebay.com/ but it actually directs the user to the cloned website and not the actual website. Once the user has put in their private details, a 'password error' report pops up and the user is redirected to the legitimate site. The user is left clueless.
Spoofed URLs are not only found in electronic communications such as e-mails and instant messages; you also find spoofed URLs as hyperlinks from another website. Spoofed URLs can also plant Trojans and spyware on a computer with a Windows operating system, allowing the attacker to steal confidential information that is stored or created on that computer.
Did you know?
- By sending and receiving e-mails in plain text, it is easy for you to identify scam links, as all hyperlinks are visible in a plain-text-only format.
- It is possible to get an IPS (intrusion prevention system) with reverse DNS authorization. This program verifies whether an e-mail was indeed sent from the professed sender's domain.
- It's best to have a browser with a feature that can identify phishing and spoofing scams. Most browsers should have a feature that can detect when malicious tactics are being used (e.g. site redirection to fake sites), then warn the user accordingly.
- Attackers sometimes use the hosts file to override DNS. By rewriting the hosts file, they make sure that the next time a user tries to visit a certain website, the user unknowingly visits the attacker's cloned site. So ensure that your hosts file is guarded with a good IPS.
The best way to protect your PC is to install all the necessary 'Anti Ware' available out there, anti-spyware, anti-virus ware, anti-spam ware, the whole slew! Keep an eye out for my next article on how scam artists manipulate host files.