In this two-part series, Serdar Yegulalp will explain how URL spoofing targets Windows users and how to protect your systems from attacks. Part one below details how URL spoofing works and how to educate users on its dangers and warning signs. Part two will cover anti-spoofing browser features, domain spoofing, weaknesses in international domain names and e-mail vulnerabilities.
"Social engineering" is the term used by security experts to describe hack attempts that exploit the user rather than the computer itself. Uneducated Windows users can be misled and deceived very easily into giving away passwords or other confidential information if they think they're doing so as part of a normal procedure.
One of the most common social-engineering cracks is URL "spoofing," during which an attacker fakes out a user with a misleading URL. Many of you have encountered URL spoofing, which can do a number of things to harm Windows systems and users.
For instance, you may receive an e-mail from someone alleging to be a bank, e-commerce site or a security help desk informing you that your account is in danger of being closed unless you click a URL to confirm that it's active. On closer inspection the URL turns out to be bogus, leading you to a Web page that attempts to harvest your information, such as bank account numbers or credit card information. The misleading URLs hide easily in rich-text e-mail where the actual target of the URL is not displayed.
A spoofed URL can not only harvest user information through a form, it can also plant spyware or Trojans on Windows computers, which can then be used to hijack sensitive information either already on those PCs or sent from it later. For example, a malicious program planted at a spoofed URL could log keystrokes to get passwords, account numbers or other personal data.
Many people fall for URL spoofing simply because they don't know any better. With a little education and some countermeasures, it's possible to keep your users from being badly misled.
Today I'll mention some quick tips to identify URL spoofing scams. In part two, I'll discuss countermeasures you can take to protect your systems.
How to identify URL spoofing scams
Stay tuned! Part two will discuss various defenses to protect Windows systems from URL spoofing.
More Information from SearchWindowsSecurity.com
This was first published in February 2005