Web spoofing
1 / 13

WEB SPOOFING - PowerPoint PPT Presentation

  • Updated On :

WEB SPOOFING. by Miguel and Ngan. Content. Web Spoofing Demo What is Web Spoofing How the attack works Different types of web spoofing How to spot a spoofed page Signs that you have been a victim Stats of Web Spoofing Conclusion Questions. What is Web Spoofing.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'WEB SPOOFING' - russ

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Web spoofing l.jpg


by Miguel and Ngan

Content l.jpg

Web Spoofing Demo

What is Web Spoofing

How the attack works

Different types of web spoofing

How to spot a spoofed page

Signs that you have been a victim

Stats of Web Spoofing



What is web spoofing l.jpg
What is Web Spoofing

  • Pretending to be a legitimate site

  • Attacker creates convincing but false copy of the site

  • Stealing personal information such as login ID, password, credit card, bank account, and much more. aka Phishing attack

  • False Web looks and feels like the real one

  • Attacker controls the false web by surveillance

  • Modifying integrity of the data from the victims

How the attack works l.jpg

How the attack works

Explain demo…

Different types of web spoofing l.jpg
Different types of Web Spoofing

  • DNS server spoofing attack

    • One of the most complex types of attack

    • Alter a domain name to point to different IP address

    • Redirect to a different server hosting a spoofed site

Different types of web spoofing7 l.jpg
Different types of Web Spoofing

  • Content theft

    • A copy of a site can be created from the original by saving all the publicly accessible pages, images, and scripts from a site to another server. (Miguel’s Demo)

    • Can be done automated by using programs called “spiders”

Different types of web spoofing8 l.jpg
Different types of Web Spoofing

  • Subdomain Spoofing

    • Normal subdomain: http://subdomain.domain.com

    • Tricking internet user that they are on the correct URL

    • Make the URL long enough so that the user cannot see the entire URL

  • And more…

    • IP Address as URL, Email with HTML attached, Frameless Pop-up, and more…

How to detect a spoofed webpage l.jpg
How to detect a spoofed webpage

  • URL (this is the easiest way to detect the attack!)

    • Triple check the spelling of the URL

    • Look for small differences such as a hyphen (-) or an underscore (e.g. suntrust.com vs. sun-trust.com)

  • Mouse over message (careful: this can be spoofed too!)

  • Beware of pages that use server scripting such as php these tools make it easy to obtain your information.

  • Beware of javascripting as well.

  • Beware of longer than average load times.

Signs that you may have been a victim l.jpg
Signs that you may have been a victim

  • If an unexpected error occurs, you may be a victim of web spoofing (sorry) (This relates to Dr. Burmester's example of the fake ATM's)

  • If you have to click submit buttons repeatedly. (class example)

  • If you have to enter your password repeatedly (class example)

  • If there is any redirection to other webpages.

Stats of web spoofing l.jpg
Stats of Web Spoofing

  • Web spoofing is increasing at a rapid pace

    • According to a study by Gartner Research

      • Two million users gave such information to spoofed web sites.

      • About $1.2 billion direct losses to U.S. Bank and credit card issuers in 2003

      • And about $400 million to $1 billion losses from the victims

    • Archives of reported scams

      • http://www.millersmiles.co.uk/archives.php

Resources l.jpg

  • Web Spoofing: Internet Con Game - http://www.cs.princeton.edu/sip/pub/spoofing.pdf

  • Web Spoofing 2001 - http://www.cs.dartmouth.edu/~pkilab/demos/spoofing/tr.pdf What is Web Spoofing - http://www.washington.edu/computing/windows/issue22/spoofing.html

  • How Web Spoofing Works - http://www.systemexperts.com/tutors/webspoof.pdf

  • Different types of spoofing - http://www.articsoft.com/wp_spoofing.htm

  • Archives of Web Spoofing - http://www.millersmiles.co.uk/archives.php

  • TrustBar: Protecting Web User - http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/spoofing.htm