In early April, a bug was found in Internet Explorer (IE) allowing a different website URL to display in the address bar than the actual website displayed on the users computer screen. In other words, someone could create a link to a deceptive, or "spoofed," website that actually displays the URL of a legitimate website in the status, address, and title bars. While Microsoft has provided a patch for the problem – which was due to a flaw in the Macromedia Flash .swf files in IE windows – this latest incident brings to light the numerous spoofing and phishing scams still active on the Internet today. It is important to educate yourself.
What is spoofing?
Simply put, a spoofed URL is when one website poses as another. An unsuspecting user attempting to go to one website may be diverted to a "fake" website disguised as a genuine one. In some cases, it can be difficult to tell a legitimate website from a copycat. The creators of these spoofed URLs have become so good at what they do that a user hovering over the link to view the status bar text would be fooled, since a legitimate web address may appear in the address bar.
The "fake" website has instead been created and disguised for the sole purpose of phishing (an attempt to lure private information from someone with the intent to use it for identity theft). During a spoofing attack, a user innocently provides private information through a website that looks legitimate and the information is then redirected to an entirely different website most likely monitored by an identity thief.
Spoofing is a serious problem with very real consequences. With identity theft on the rise daily, this is one more attack in a long list of threats to a user’s personal information and identity. Scammers lurk in every corner of cyberspace and will try anything to trick someone to share their personal information ideally the gems of financial account information or social security numbers.
How to protect yourself
Unfortunately, fraudulent activity will continue to be a threat in cyberspace. This isn’t to say that you need to be suspicious of all – or even most – websites, but spoofed URLs do exist. To help you avoid becoming a victim of a spoofing or phishing scam, here are a few things to keep in mind:
- Update your computer security patches regularly.
- Utilise access to the free programs, such as the one found on www.secunia.com that will check a web page in your browser to see if it has been spoofed.
- Don’t click on any hyperlinks that look suspicious – instead, type them into your address bar.
- Look for the presence of an "@" symbol anywhere in the page URL. This usually indicates a fraudulent website.
- Adjust browser settings to prompt you whenever a website tries to install additional software, new program, or ActiveX control. You can do this by adjusting your settings from the "Tools" menu bar. Choose "Internet Options" and click on the "Security Tab," then click on "Custom Level." Here you can set options to enable automatic prompting.
- Be wary of "orphan" pages, or pages where a home page cannot be located for a company. If you can’t locate a home page, be suspicious.
As a general rule, it’s best not to give out any personal information over the web. If you must, be sure there is a padlock icon in the lower right status bar to indicate a secure connection. Click on this icon and verify the name of the server that provides the page you are viewing before typing in personal information.
For more information:
» HP Personal Computing Security Centre
» Spoof URL Checker
» Spoofing: An Introduction
» Vulnerability Test
|
Printable version
