In this two-part series, Serdar Yegulalp will explain how URL spoofing targets Windows users and how to protect your systems from attacks. Part one below details how URL spoofing works and how to educate users on its dangers and warning signs. Part two will cover anti-spoofing browser features, domain spoofing, weaknesses in international domain names and e-mail vulnerabilities.
"Social engineering" is the term used by security experts to describe hack attempts that exploit the user rather than the computer itself. Uneducated Windows users can be misled and deceived very easily into giving away passwords or other confidential information if they think they're doing so as part of a normal procedure.
One of the most common social-engineering cracks is URL "spoofing," during which an attacker fakes out a user with a misleading URL. Many of you have encountered URL spoofing, which can do a number of things to harm Windows systems and users.
For instance, you may receive an e-mail from someone alleging to be a bank, e-commerce site or a security help desk informing you that your account is in danger of being closed unless you click a URL to confirm that it's active. On closer inspection the URL turns out to be bogus, leading you to a Web page that attempts to harvest your information, such as bank account numbers or credit card information. The misleading URLs hide easily in rich-text e-mail where the actual target of the URL is not displayed.
A spoofed URL can not only harvest user information through a form, it can also plant spyware or Trojans on Windows computers, which can then be used to hijack sensitive information either already on those PCs or sent from it later. For example, a malicious program planted at a spoofed URL could log keystrokes to get passwords, account numbers or other personal data.
Many people fall for URL spoofing simply because they don't know any better. With a little education and some countermeasures, it's possible to keep your users from being badly misled.
Today I'll mention some quick tips to identify URL spoofing scams. In part two, I'll discuss countermeasures you can take to protect your systems.
How to identify URL spoofing scams
- Scare tactics: URL spoofing scams tend to use the same scare tactics ("Your account is in danger of being terminated!") and masquerade as the same entities, including eBay, PayPal, Amazon.com and banks. This makes them that much easier to spot.
- URL construction: If URLs from a purported domain use a dotted-decimal address (i.e. 18.104.22.168) instead of a domain name, it's probably bogus.
- Hovering tricks: Sometimes simply hovering the mouse over a URL will be a giveaway. For instance, in Microsoft Outlook, a tooltip pops up that lists the actual target for a URL when the mouse hovers over it. If the tooltip URL doesn't match the professed URL, it's probably bogus. Research the features of your mail client to see if something similar exists, and inform users about it.
Stay tuned! Part two will discuss various defenses to protect Windows systems from URL spoofing.
More Information from SearchWindowsSecurity.com
- Tip: Learn how to protect Windows from a different kind of spoofing -- phishing
- Tip: Get a comparison of two different antispyware products on the market: Spybot and Ad-Aware
- Topics: Look up resources to help you educate end users