by Miguel and Ngan
Web Spoofing Demo
What is Web Spoofing
How the attack works
Different types of web spoofing
How to spot a spoofed page
Signs that you have been a victim
Stats of Web Spoofing
• Pretending to be a legitimate site
• Attacker creates convincing but false copy of the site
• Stealing personal information such as login ID,
password, credit card, bank account, and much more.
aka Phishing attack
• False Web looks and feels like the real one
• Attacker controls the false Web and can surveil the victims
• Attacker can modify the victims' data, compromising its integrity
Different types of Web Spoofing
• DNS server spoofing attack
• One of the most complex types of attack
• Alter a domain name to point to a different IP address
• Redirect to a different server hosting a spoofed site
• Content theft
• A copy of a site can be created from the original by saving all the
publicly accessible pages, images, and scripts from a site to another
server. (Miguel’s Demo)
• Can be automated using programs called “spiders”
• Subdomain Spoofing
• Normal subdomain:
• Tricking internet users into believing they are on the correct URL
• Make the URL long enough so that the user cannot see the entire URL
• And more…
• IP Address as URL, Email with HTML attached, Frameless Pop-up, and
How to detect a spoofed webpage
• URL (this is the easiest way to detect the
• Triple check the spelling of the URL
• Look for small differences such as a hyphen (-) or an
underscore (e.g. vs.
• Mouse over message (careful: this can be
spoofed too!)
• Beware of pages that use server scripting such
as PHP; these tools make it easy to obtain your
• Beware of JavaScript as well.
• Beware of longer than average load times.
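The URL checks listed above (subdomain spoofing, IP address as URL, hyphen/underscore differences, overly long URLs) can be automated on the defender's side. The following is an added example, not part of the original slides; the trusted domain, the length threshold and all function names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allow-list: the site the user really does business with (assumption).
TRUSTED = {"my-bank.example"}
MAX_URL_LEN = 75  # assumed cut-off for "too long to read in the address bar"

def _strip_separators(name):
    """Make 'my-bank', 'my_bank' and 'mybank' compare equal."""
    return name.replace("-", "").replace("_", "")

def registered_domain(host):
    """Naive last-two-labels guess; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def spoof_signs(url):
    """Return the warning signs from the slides that are present in `url`."""
    host = (urlsplit(url).hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        return ["ip-address-as-url"]  # a numeric host hides who owns the site
    except ValueError:
        pass
    reg = registered_domain(host)
    if reg in TRUSTED:
        return []  # the registered domain itself is the trusted one
    signs = []
    for good in TRUSTED:
        if good in host:
            # trusted name is only a subdomain label of someone else's domain
            signs.append("subdomain-spoofing")
        elif _strip_separators(reg) == _strip_separators(good):
            signs.append("hyphen-underscore-lookalike")
    if len(url) > MAX_URL_LEN:
        signs.append("overlong-url")
    return signs

if __name__ == "__main__":
    # Constructed sample URLs using reserved example domains.
    for u in ("https://www.my-bank.example/login",
              "https://www.my-bank.example.login.example.net/",
              "https://my_bank.example/",
              "http://192.0.2.10/login"):
        print(u, spoof_signs(u))
```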
Signs that you may have been a victim
• If an unexpected error occurs, you may
be a victim of web spoofing (sorry) (This
relates to Dr. Burmester's example of the
fake ATMs)
• If you have to click submit buttons
repeatedly. (class example)
• If you have to enter your password
repeatedly (class example)
• If there is any redirection to other
Stats of Web Spoofing
• Web spoofing is increasing at a rapid pace
• According to a study by Gartner Research
• Two million users gave such information to
spoofed web sites.
• About $1.2 billion direct losses to U.S. Bank and
credit card issuers in 2003
• And about $400 million to $1 billion losses from
the victims
• Archives of reported scams
Gartner Research - Graph
