Get educated on URL spoofing scams

Get educated on URL spoofing scams

In this two-part series, Serdar Yegulalp will explain how URL spoofing targets Windows users and how to protect your systems from attacks. Part one below details how URL spoofing works and how to educate users on its dangers and warning signs. Part two will cover anti-spoofing browser features, domain spoofing, weaknesses in international domain names and e-mail vulnerabilities.

"Social engineering" is the term used by security experts to describe hack attempts that exploit the user rather than the computer itself. Uneducated Windows users can be misled and deceived very easily into giving away passwords or other confidential information if they think they're doing so as part of a normal procedure.

One of the most common social-engineering cracks is URL "spoofing," during which an attacker fakes out a user with a misleading URL. Many of you have encountered URL spoofing, which can do a number of things to harm Windows systems and users.

For instance, you may receive an e-mail from someone alleging to be a bank, e-commerce site or a security help desk informing you that your account is in danger of being closed unless you click a URL to confirm that it's active. On closer inspection the URL turns out to be bogus, leading you to a Web page that attempts to harvest your information, such as bank account numbers or credit card information. The misleading URLs hide easily in rich-text e-mail where the actual target of the URL is not displayed.

A

    Requires Free Membership to View

    Login

    When you register, you’ll also receive targeted alerts from my team of editorial writers and independent industry experts with the latest news, tips, and advice to help you do your job more efficiently and effectively. Our goal is to keep you informed on the hottest topics and biggest challenges faced by IT professionals today working with desktop management and security technologies.

    Margie Semilof, Editorial Director

    By submitting your registration information to SearchEnterpriseDesktop.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchEnterpriseDesktop.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

spoofed URL can not only harvest user information through a form, it can also plant spyware or Trojans on Windows computers, which can then be used to hijack sensitive information either already on those PCs or sent from it later. For example, a malicious program planted at a spoofed URL could log keystrokes to get passwords, account numbers or other personal data.

Many people fall for URL spoofing simply because they don't know any better. With a little education and some countermeasures, it's possible to keep your users from being badly misled.

Today I'll mention some quick tips to identify URL spoofing scams. In part two, I'll discuss countermeasures you can take to protect your systems.

How to identify URL spoofing scams

  • Scare tactics: URL spoofing scams tend to use the same scare tactics ("Your account is in danger of being terminated!") and masquerade as the same entities, including eBay, PayPal, Amazon.com and banks. This makes them that much easier to spot.

  • URL construction: If URLs from a purported domain use a dotted-decimal address (i.e. 24.76.31.192) instead of a domain name, it's probably bogus.

  • Hovering tricks: Sometimes simply hovering the mouse over a URL will be a giveaway. For instance, in Microsoft Outlook, a tooltip pops up that lists the actual target for a URL when the mouse hovers over it. If the tooltip URL doesn't match the professed URL, it's probably bogus. Research the features of your mail client to see if something similar exists, and inform users about it.

    Stay tuned! Part two will discuss various defenses to protect Windows systems from URL spoofing.

    More Information from SearchWindowsSecurity.com

  • Tip: Learn how to protect Windows from a different kind of spoofing -- phishing
  • Tip: Get a comparison of two different antispyware products on the market: Spybot and Ad-Aware
  • Topics: Look up resources to help you educate end users


    • This was first published in February 2005

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top