Sunday, November 1, 2009

Web Spoofing Attack

Web spoofing is tricking someone into visiting a website other than the one they intend to visit, by creating a similar website. Web spoofing is a phishing scheme.

The attacker must somehow lure the victim into the attacker’s false Web. There are several ways to do this.

1. An attacker could put a link to a false Web onto a popular Web page.
2. If the victim is using email, the attacker could email the victim a pointer to a false Web.
3. Finally, the attacker could trick a web search engine into indexing part of a false Web.

Have you ever received an e-mail that looked like this?

---------------------------------------------------------
From: Bank of America
To: John Doe
Subject: Your Online Banking Account is Inactive

Your Online Banking Account is Innactive

We closed your online access for security reasons.

Click here to access your account
We must verify your account information.

Bank of America, N.A. Member FDIC. Equal Housing Lender
© 2004 Bank of America Corporation. All rights reserved.
--------------------------------------------------------

Spoofing attacks occur in the physical world as well as the electronic world.

People using computer systems often make security-relevant decisions based on what they see, which is what social engineering relies on.

You might decide to type in your account number because you believe you are visiting your bank’s web page. This belief might arise because the page has a familiar look.

Ways of Trapping the Victim

1. A browser presents many types of context that users might rely on to make decisions.

2. Appearance – the appearance of an object might convey a certain impression.

3. Name of Objects – people often deduce what is in a file by its name.

4. Timing of Events – if two things happen at the same time, the user might think they are related.

Is MICR0SOFT.COM or MICROSOFT.COM the correct address for Microsoft? (Ms. Pooja Sharma Mam)
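
A mail filter or proxy can answer that question mechanically by folding look-alike characters to one canonical spelling and comparing the result against domains it trusts. The following is an added example, not part of the original post; it also flags a trusted name embedded as a subdomain of another domain, which goes slightly beyond the case above. The confusables map, the TRUSTED list and the two-label "registrable domain" shortcut are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed for illustration: a partial confusables map and a tiny allowlist.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))
TRUSTED = ("microsoft.com", "bankofamerica.com")


def hostname(url):
    """Extract the lowercased host from a URL or a bare hostname."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def registrable(host):
    """Last two labels. Assumption: a real check would use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def skeleton(name):
    """Fold look-alike character sequences into one canonical spelling."""
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name


def classify(url):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    host = hostname(url)
    domain = registrable(host)
    if domain in TRUSTED:
        return ("trusted", domain)
    for good in TRUSTED:
        # Same skeleton but different spelling: a character-substitution spoof.
        if skeleton(domain) == skeleton(good):
            return ("lookalike", good)
        # Trusted name used as leading labels of someone else's domain.
        if ("." + good + ".") in ("." + host):
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    for sample in ("MICROSOFT.COM", "http://MICR0SOFT.COM/login",
                   "rnicrosoft.com", "microsoft.com.example.net", "example.org"):
        print(sample, "->", classify(sample))
```
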

See How the Web Spoofing Attack Works
