2


2
 

|
 


|
 
 |
 

|
 
 |
 

|
 
 |
 

 Introduction
|
 


|
 
 |
 

|
 
 |
 

|
 
 |
 

 Web spoofing is the act of creating a
website, as a hoax, with the intention of
misleading readers that the website has
been created by a different person or
organization.

 Creating a shadow copy of the world

wide web
Kttacker creates convincing but false copy
of the site

Stealing personal information such as

login ID, password, credit card, bank
account, and much more.

False Web looks and feels like the real one

Kttacker controls the false web pages.

Modifying the data from the victims

Information Flow Model
(. K fake message is sent from the
spoofer to the user.

2. K user provides confidential

information to a spoofer server.

3. The spoofer obtains the

confidential information from the
server.

4. The confidential information is

used to impersonate the user.

5. The spoofer obtains illegal gain.

 ßow to detect a
|
 

spoofed webpage

|
 
 |
 

|
 
 |
 

|
 
 |
 

Ö
(this is the easiest way to detect the
attack!)

Triple check the spelling of the Ö

ook for small differences such as a
hyphen (-) or an underscore (e.g.
suntrust.com vs. sun-trust.com)

Mouse over message (careful: this can be

spoofed too!)

Beware of pages that use several server

tools that make it easy to obtain your
information.

Beware of longer than average load times.

Oigns that you may have been a victim

If you have to click submit buttons

repeatedly.

If an unexpected error occurs, you may be

a victim of web spoofing.

If you have to enter your password

repeatedly

If there is any redirection to other web

pages.
Otats of Web Opoofing
|
 


|
 
 |
 

|
 
 |
 

|
 
 |
 

Web spoofing is increasing at a rapid pace

Kccording to a study by Gartner

esearch

Two million users gave such

information to spoofed web sites.

Kbout $(.2 billion direct losses to

Ö.S. Bank and credit card issuers in
2003

Knd about $400 million to $(

billion losses from the victims
seading countries in web spoofing
 Otarting the web attack

 jut links in popular places

 Emails

 Search Engines
ßow does the attack work

 |



  
  


 


 

¢¢¢   
What can we do ?
|
 


|
 
 |
 

|
 
 |
 

|
 
 |
 

 Do not reply to or click on a link that
will lead you to a webpage asking you for
info.


ook for the presence of a padlock and

https://. Both must be present for a
connection to be secure

 Keep up with updates

 If you are a victim, file a complaint at

www.ftc.gov.
 |onclusion

 Current technology is unable to

completely stop web spoofing.

 Improvements in security technology

can drastically reduce the amount of
web spoofing.
K

!"#$ %