• And more…
• IP Address as URL, Email with HTML attached, Frameless Pop-up, and
more…
How to detect a spoofed webpage
• URL (this is the easiest way to detect the attack!)
  • Triple check the spelling of the URL
  • Look for small differences such as a hyphen (-) or an underscore (e.g. suntrust.com vs. sun-trust.com)
• Mouse over message (careful: this can be spoofed too!)
• Beware of pages that use server-side scripting such as PHP; these tools make it easy to obtain your information.
• Beware of JavaScript as well.
• Beware of longer than average load times.
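The URL checks above, automated as an added example (not part of the original slides). The allowlist, the result labels and the edit-distance threshold of 2 are assumptions made for illustration; suntrust.com is the slide's own example domain.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist; replace with the domains your users really log in to.
TRUSTED = {"suntrust.com"}

def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def _squash(host: str) -> str:
    """Drop the separators the slide warns about (hyphen, underscore)."""
    return host.replace("-", "").replace("_", "")

def check_url(url: str, trusted=TRUSTED) -> str:
    """Classify the host of a URL against the allowlist."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "no-host"
    try:
        ipaddress.ip_address(host)       # "IP address as URL" case
        return "ip-literal"
    except ValueError:
        pass
    if host.startswith("www."):
        host = host[4:]
    for good in trusted:
        # Exact match or a true subdomain; a trusted name used as a
        # prefix of some other domain does not count.
        if host == good or host.endswith("." + good):
            return "trusted"
    for good in trusted:
        if _squash(host) == _squash(good):
            return f"separator-lookalike:{good}"
        if _edit_distance(host, good) <= 2:   # assumed threshold
            return f"near-miss:{good}"
    return "unknown"
```

A result of "unknown" means only that the host resembles nothing on the allowlist, not that the page is safe.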
Signs that you may have been a victim
• If an unexpected error occurs, you may be a victim of web spoofing (sorry). (This relates to Dr. Burmester's example of the fake ATMs.)
• If you have to click submit buttons repeatedly (class example).
• If you have to enter your password repeatedly (class example).
• If there is any redirection to other webpages.
Stats of Web Spoofing
• Web spoofing is increasing at a rapid pace
• According to a study by Gartner Research:
  • Two million users gave such information to spoofed web sites.
  • About $1.2 billion in direct losses to U.S. bank and credit card issuers in 2003
  • And about $400 million to $1 billion in losses from the victims
• Archives of reported scams
  • http://www.millersmiles.co.uk/archives.php
Gartner Research - Graph