Get educated on URL spoofing scams

In part one of this two-part series, find out how a little education goes a long way in preventing users from being badly misled by URL spoofing scams.

In this two-part series, Serdar Yegulalp will explain how URL spoofing targets Windows users and how to protect your systems from attacks. Part one below details how URL spoofing works and how to educate users on its dangers and warning signs. Part two will cover anti-spoofing browser features, domain spoofing, weaknesses in international domain names and e-mail vulnerabilities.

"Social engineering" is the term used by security experts to describe hack attempts that exploit the user rather than the computer itself. Uneducated Windows users can be misled and deceived very easily into giving away passwords or other confidential information if they think they're doing so as part of a normal procedure.

One of the most common social-engineering cracks is URL "spoofing," in which an attacker fakes out a user with a misleading URL. Many of you have encountered URL spoofing, which can do a number of things to harm Windows systems and users.

For instance, you may receive an e-mail from someone alleging to be a bank, e-commerce site or a security help desk informing you that your account is in danger of being closed unless you click a URL to confirm that it's active. On closer inspection the URL turns out to be bogus, leading you to a Web page that attempts to harvest your information, such as bank account numbers or credit card information. The misleading URLs hide easily in rich-text e-mail where the actual target of the URL is not displayed.

A spoofed URL can not only harvest user information through a form, it can also plant spyware or Trojans on Windows computers, which can then be used to hijack sensitive information either already on those PCs or sent from them later. For example, a malicious program planted at a spoofed URL could log keystrokes to get passwords, account numbers or other personal data.

Many people fall for URL spoofing simply because they don't know any better. With a little education and some countermeasures, it's possible to keep your users from being badly misled.

Today I'll mention some quick tips to identify URL spoofing scams. In part two, I'll discuss countermeasures you can take to protect your systems.

How to identify URL spoofing scams

  • Scare tactics: URL spoofing scams tend to use the same scare tactics ("Your account is in danger of being terminated!") and masquerade as the same entities, including eBay, PayPal, and banks. This makes them that much easier to spot.

  • URL construction: If URLs from a purported domain use a dotted-decimal address instead of a domain name, they're probably bogus.
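
The URL-construction check above, together with the earlier point that rich-text e-mail hides a link's real target, can be automated on a mail gateway or help-desk triage script. The following is an added example, not code from the original article; the function names, the sample message and all hosts in it are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample message body; every host and address is a placeholder.
SAMPLE = """
<a href="http://192.0.2.10/confirm">www.examplebank.test</a>
<a href="http://login.example.net/verify">https://www.examplebank.test/verify</a>
<a href="https://www.examplebank.test/help">Help center</a>
"""

def host_of(url):  # lowercased hostname of a URL (scheme optional), or None
    try:
        return urlsplit(url if "://" in url else "http://" + url).hostname
    except ValueError:  # e.g. malformed bracketed IPv6 host
        return None

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a href>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self._text.append(data)  # buffer is reset at every <a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html):  # returns (href, reasons) for links showing a warning sign
    collector, findings = LinkCollector(), []
    collector.feed(html)
    for href, text in collector.links:
        target, reasons = host_of(href), []
        if target and is_ip_literal(target):
            reasons.append("ip-literal-host")  # address instead of a name
        looks_like_url = text.lower().startswith(("http://", "https://", "www."))
        if looks_like_url and target and host_of(text) != target:
            reasons.append("text-target-mismatch")  # shown host differs
        if reasons:
            findings.append((href, reasons))
    return findings
```

Calling audit(SAMPLE) flags the first two links and leaves the third alone, because its visible text is not a URL and its target is a named host.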

This was last published in February 2005
