Web spoofing l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 13

WEB SPOOFING PowerPoint PPT Presentation


  • 235 Views
  • Uploaded on
  • Presentation posted in: General

WEB SPOOFING. by Miguel and Ngan. Content. Web Spoofing Demo What is Web Spoofing How the attack works Different types of web spoofing How to spot a spoofed page Signs that you have been a victim Stats of Web Spoofing Conclusion Questions. What is Web Spoofing.

Download Presentation

WEB SPOOFING

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Web spoofing l.jpg

WEB SPOOFING

by Miguel and Ngan


Content l.jpg

Content

Web Spoofing Demo

What is Web Spoofing

How the attack works

Different types of web spoofing

How to spot a spoofed page

Signs that you have been a victim

Stats of Web Spoofing

Conclusion

Questions


What is web spoofing l.jpg

What is Web Spoofing

  • Pretending to be a legitimate site

  • Attacker creates convincing but false copy of the site

  • Stealing personal information such as login ID, password, credit card, bank account, and much more. aka Phishing attack

  • False Web looks and feels like the real one

  • Attacker controls the false web by surveillance

  • Modifying integrity of the data from the victims


How the attack works l.jpg

How the attack works

Explain demo…


Different types of web spoofing l.jpg

Different types of Web Spoofing

  • DNS server spoofing attack

    • One of the most complex types of attack

    • Alter a domain name to point to different IP address

    • Redirect to a different server hosting a spoofed site


Different types of web spoofing7 l.jpg

Different types of Web Spoofing

  • Content theft

    • A copy of a site can be created from the original by saving all the publicly accessible pages, images, and scripts from a site to another server. (Miguel’s Demo)

    • Can be done automated by using programs called “spiders”


Different types of web spoofing8 l.jpg

Different types of Web Spoofing

  • Subdomain Spoofing

    • Normal subdomain: http://subdomain.domain.com

    • Tricking internet user that they are on the correct URL

    • Make the URL long enough so that the user cannot see the entire URL

  • And more…

    • IP Address as URL, Email with HTML attached, Frameless Pop-up, and more…


How to detect a spoofed webpage l.jpg

How to detect a spoofed webpage

  • URL (this is the easiest way to detect the attack!)

    • Triple check the spelling of the URL

    • Look for small differences such as a hyphen (-) or an underscore (e.g. suntrust.com vs. sun-trust.com)

  • Mouse over message (careful: this can be spoofed too!)

  • Beware of pages that use server scripting such as php these tools make it easy to obtain your information.

  • Beware of javascripting as well.

  • Beware of longer than average load times.


Signs that you may have been a victim l.jpg

Signs that you may have been a victim

  • If an unexpected error occurs, you may be a victim of web spoofing (sorry) (This relates to Dr. Burmester's example of the fake ATM's)

  • If you have to click submit buttons repeatedly. (class example)

  • If you have to enter your password repeatedly (class example)

  • If there is any redirection to other webpages.


Stats of web spoofing l.jpg

Stats of Web Spoofing

  • Web spoofing is increasing at a rapid pace

    • According to a study by Gartner Research

      • Two million users gave such information to spoofed web sites.

      • About $1.2 billion direct losses to U.S. Bank and credit card issuers in 2003

      • And about $400 million to $1 billion losses from the victims

    • Archives of reported scams

      • http://www.millersmiles.co.uk/archives.php


Gartner research graph l.jpg

Gartner Research - Graph


Resources l.jpg

Resources

  • Web Spoofing: Internet Con Game - http://www.cs.princeton.edu/sip/pub/spoofing.pdf

  • Web Spoofing 2001 - http://www.cs.dartmouth.edu/~pkilab/demos/spoofing/tr.pdf What is Web Spoofing - http://www.washington.edu/computing/windows/issue22/spoofing.html

  • How Web Spoofing Works - http://www.systemexperts.com/tutors/webspoof.pdf

  • Different types of spoofing - http://www.articsoft.com/wp_spoofing.htm

  • Archives of Web Spoofing - http://www.millersmiles.co.uk/archives.php

  • TrustBar: Protecting Web User - http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/spoofing.htm


  • Login