web spoofing
Download
Skip this Video
Download Presentation
WEB SPOOFING

Loading in 2 Seconds...

play fullscreen
1 / 13

WEB SPOOFING - PowerPoint PPT Presentation


  • 362 Views
  • Uploaded on

WEB SPOOFING. by Miguel and Ngan. Content. Web Spoofing Demo What is Web Spoofing How the attack works Different types of web spoofing How to spot a spoofed page Signs that you have been a victim Stats of Web Spoofing Conclusion Questions. What is Web Spoofing.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'WEB SPOOFING' - russ


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
web spoofing

WEB SPOOFING

by Miguel and Ngan

content
Content

Web Spoofing Demo

What is Web Spoofing

How the attack works

Different types of web spoofing

How to spot a spoofed page

Signs that you have been a victim

Stats of Web Spoofing

Conclusion

Questions

what is web spoofing
What is Web Spoofing
  • Pretending to be a legitimate site
  • Attacker creates convincing but false copy of the site
  • Stealing personal information such as login ID, password, credit card, bank account, and much more. aka Phishing attack
  • False Web looks and feels like the real one
  • Attacker controls the false web by surveillance
  • Modifying integrity of the data from the victims
how the attack works

How the attack works

Explain demo…

different types of web spoofing
Different types of Web Spoofing
  • DNS server spoofing attack
    • One of the most complex types of attack
    • Alter a domain name to point to different IP address
    • Redirect to a different server hosting a spoofed site
different types of web spoofing7
Different types of Web Spoofing
  • Content theft
    • A copy of a site can be created from the original by saving all the publicly accessible pages, images, and scripts from a site to another server. (Miguel’s Demo)
    • Can be done automated by using programs called “spiders”
different types of web spoofing8
Different types of Web Spoofing
  • Subdomain Spoofing
    • Normal subdomain: http://subdomain.domain.com
    • Tricking internet user that they are on the correct URL
    • Make the URL long enough so that the user cannot see the entire URL
  • And more…
    • IP Address as URL, Email with HTML attached, Frameless Pop-up, and more…
how to detect a spoofed webpage
How to detect a spoofed webpage
  • URL (this is the easiest way to detect the attack!)
    • Triple check the spelling of the URL
    • Look for small differences such as a hyphen (-) or an underscore (e.g. suntrust.com vs. sun-trust.com)
  • Mouse over message (careful: this can be spoofed too!)
  • Beware of pages that use server scripting such as php these tools make it easy to obtain your information.
  • Beware of javascripting as well.
  • Beware of longer than average load times.
signs that you may have been a victim
Signs that you may have been a victim
  • If an unexpected error occurs, you may be a victim of web spoofing (sorry) (This relates to Dr. Burmester\'s example of the fake ATM\'s)
  • If you have to click submit buttons repeatedly. (class example)
  • If you have to enter your password repeatedly (class example)
  • If there is any redirection to other webpages.
stats of web spoofing
Stats of Web Spoofing
  • Web spoofing is increasing at a rapid pace
    • According to a study by Gartner Research
      • Two million users gave such information to spoofed web sites.
      • About $1.2 billion direct losses to U.S. Bank and credit card issuers in 2003
      • And about $400 million to $1 billion losses from the victims
    • Archives of reported scams
      • http://www.millersmiles.co.uk/archives.php
resources
Resources
  • Web Spoofing: Internet Con Game - http://www.cs.princeton.edu/sip/pub/spoofing.pdf
  • Web Spoofing 2001 - http://www.cs.dartmouth.edu/~pkilab/demos/spoofing/tr.pdf What is Web Spoofing - http://www.washington.edu/computing/windows/issue22/spoofing.html
  • How Web Spoofing Works - http://www.systemexperts.com/tutors/webspoof.pdf
  • Different types of spoofing - http://www.articsoft.com/wp_spoofing.htm
  • Archives of Web Spoofing - http://www.millersmiles.co.uk/archives.php
  • TrustBar: Protecting Web User - http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/spoofing.htm
ad