Website spoofing

Last updated

Website spoofing is the act of creating a website with the intention of misleading readers that the website has been created by a different person or organization.

Contents

Techniques

Normally, the spoof website will adopt the design of the target website, and it sometimes has a similar URL. [1] A more sophisticated attack results in an attacker creating a "shadow copy" of the World Wide Web by having all of the victim's traffic go through the attacker's machine, causing the attacker to obtain the victim's sensitive information. [2]

Another technique is to use a 'cloaked' URL. [3] By using domain forwarding, or inserting control characters, the URL can appear to be genuine while concealing the actual address of the malicious website. Punycode can also be used for this purpose. Punycode-based attacks exploit the similar characters in different writing systems in common fonts. For example, on one large font, the greek letter tau (τ) is similar in appearance to the Latin lowercase letter t. However, the greek letter tau is represented in punycode as 5xa, while the Latin lowercase letter is simply represented as t, since it is present on the ASCII system. In 2017, a security researcher managed to register the domain xn--80ak6aa92e.com and have it show on several mainstream browsers as apple.com. While the characters used didn't belong to the latin script, due to the default font on those browsers, the end result was non-latin characters that were indistinguishable from those on the latin script. [4] [5]

Motives

The objective may be fraudulent, often associated with phishing, e-mail spoofing or to lure potential victims to scams such as a get-rich-quick scheme, like in the case of fake news articles with sensational titles purporting of incidents involving popular celebrities with a forged interview discussing about and leading victims to a cryptocurrency scam. [6] [7] Because the purpose is often malicious, "spoof" (an expression whose base meaning is innocent parody) is a poor term for this activity so that more accountable organisations such as government departments and banks tend to avoid it, preferring more explicit descriptors such as "fraud", "counterfeit" or "phishing". [8] [9]

A relatively more benign use of website spoofing is to criticize or make fun of the person or body whose website the spoofed site purports to represent. As an example of the use of this technique to parody an organisation, in November 2006 two spoof websites, www.msfirefox.com and www.msfirefox.net, were produced claiming that Microsoft had bought Firefox and released "Microsoft Firefox 2007." [10] A similar incident occurred in 2023 when the culture jamming collective Barbie Liberation Organization created a satirical parody page closely resembling the Mattel corporate website using the URL mattel-corporate.com [11] where they announced a fictitious line of Barbie dolls called "MyCelia EcoWarrior" alongside a series of hoax videos with actress Daryl Hannah posing as a spokesperson for Mattel to lend further legitimacy to the nonexistent dolls, leveraging the publicity surrounding the 2023 live-action film. [12] The website's heavy resemblance to the legitimate Mattel corporate site led to a number of news outlets mistakenly reporting it as real, to which they eventually issued a correction and removed the articles in question. [13] [12]

Prevention tools

Anti-phishing software

Spoofed websites predominate in efforts developing anti-phishing software though there are concerns about their effectiveness. A majority of efforts are focused on the PC market leaving mobile devices lacking. [14]

DNS filtering

DNS is the layer at which botnets control drones. In 2006, OpenDNS began offering a free service to prevent users from entering website spoofing sites. Essentially, OpenDNS has gathered a large database from various anti-phishing and anti-botnet organizations as well as its own data to compile a list of known website spoofing offenders. When a user attempts to access one of these bad websites, they are blocked at the DNS level. APWG statistics show that most phishing attacks use URLs, not domain names, so there would be a large amount of website spoofing that OpenDNS would be unable to track. At the time of release, OpenDNS is unable to prevent unnamed phishing exploits that sit on Yahoo, Google etc. [15]

See also

Related Research Articles

<span class="mw-page-title-main">Denial-of-service attack</span> Type of cyber-attack

In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. The range of attacks varies widely, spanning from inundating a server with millions of requests to slow its performance, overwhelming a server with a substantial amount of invalid data, to submitting requests with an illegitimate IP address.

<span class="mw-page-title-main">Domain name</span> Identification string in the Internet

In the Internet, a domain name is a string that identifies a realm of administrative autonomy, authority or control. Domain names are often used to identify services provided through the Internet, such as websites, email services and more. Domain names are used in various networking contexts and for application-specific naming and addressing purposes. In general, a domain name identifies a network domain or an Internet Protocol (IP) resource, such as a personal computer used to access the Internet, or a server computer.

<span class="mw-page-title-main">Internationalized domain name</span> Type of internet domain name

An internationalized domain name (IDN) is an Internet domain name that contains at least one label displayed in software applications, in whole or in part, in non-Latin script or alphabet or in the Latin alphabet-based characters with diacritics or ligatures. These writing systems are encoded by computers in multibyte Unicode. Internationalized domain names are stored in the Domain Name System (DNS) as ASCII strings using Punycode transcription.

<span class="mw-page-title-main">Phishing</span> Form of social engineering

Phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware, or ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim navigates the site, and transverses any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of cybercrime.

A Joe job is a spamming technique that sends out unsolicited e-mails using spoofed sender data. Early Joe jobs aimed at tarnishing the reputation of the apparent sender or inducing the recipients to take action against them, but they are now typically used by commercial spammers to conceal the true origin of their messages and to trick recipients into opening emails apparently coming from a trusted source.

<span class="mw-page-title-main">Botnet</span> Collection of compromised internet-connected devices controlled by a third party

A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word "botnet" is a portmanteau of the words "robot" and "network". The term is usually used with a negative or malicious connotation.

Anti-phishing software consists of computer programs that attempt to identify phishing content contained in websites, e-mail, or other forms used to accessing data and block the content, usually with a warning to the user. It is often integrated with web browsers and email clients as a toolbar that displays the real domain name for the website the viewer is visiting, in an attempt to prevent fraudulent websites from masquerading as other legitimate websites.

Pharming is a cyberattack intended to redirect a website's traffic to another, fake site by installing a malicious program on the victim's computer in order to gain access to it. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real IP addresses. Compromised DNS servers are sometimes referred to as "poisoned". Pharming requires unprotected access to target a computer, such as altering a customer's home computer, rather than a corporate business server.

The internationalized domain name (IDN) homograph attack is a method used by malicious parties to deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike. For example, the Cyrillic, Greek and Latin alphabets each have a letter ⟨o⟩ that has the same shape but represents different sounds or phonemes in their respective writing systems.

A spoofed URL involves one website masquerading as another, often leveraging vulnerabilities in web browser technology to facilitate a malicious computer attack. These attacks are particularly effective against computers that lack up-to-date security patches. Alternatively, some spoofed URLs are crafted for satirical purposes.

Email spoofing is the creation of email messages with a forged sender address. The term applies to email purporting to be from an address which is not actually the sender's; mail sent in reply to that address may bounce or be delivered to an unrelated party whose identity has been faked. Disposable email address or "masked" email is a different topic, providing a masked email address that is not the user's normal address, which is not disclosed, but forwards mail sent to it to the user's real address.

<span class="mw-page-title-main">OpenDNS</span> Domain name system provided by Cisco using closed-source software

OpenDNS is an American company providing Domain Name System (DNS) resolution services—with features such as phishing protection, optional content filtering, and DNS lookup in its DNS servers—and a cloud computing security product suite, Umbrella, designed to protect enterprise customers from malware, botnets, phishing, and targeted online attacks. The OpenDNS Global Network processes an estimated 100 billion DNS queries daily from 85 million users through 25 data centers worldwide.

Voice phishing, or vishing, is the use of telephony to conduct phishing attacks.

<span class="mw-page-title-main">Storm botnet</span> Computer botnet

The Storm botnet or Storm Worm botnet was a remotely controlled network of "zombie" computers that had been linked by the Storm Worm, a Trojan horse spread through e-mail spam. At its height in September 2007, the Storm botnet was running on anywhere from 1 million to 50 million computer systems, and accounted for 8% of all malware on Microsoft Windows computers. It was first identified around January 2007, having been distributed by email with subjects such as "230 dead as storm batters Europe," giving it its well-known name. The botnet began to decline in late 2007, and by mid-2008 had been reduced to infecting about 85,000 computers, far less than it had infected a year earlier.

<span class="mw-page-title-main">Fast flux</span> DNS evasion technique against origin server fingerprinting.

Fast flux is a domain name system (DNS) based evasion technique used by cyber criminals to hide phishing and malware delivery websites behind an ever-changing network of compromised hosts acting as reverse proxies to the backend botnet master—a bulletproof autonomous system. It can also refer to the combination of peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection used to make malware networks more resistant to discovery and counter-measures.

DNS hijacking, DNS poisoning, or DNS redirection is the practice of subverting the resolution of Domain Name System (DNS) queries. This can be achieved by malware that overrides a computer's TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behaviour of a trusted DNS server so that it does not comply with internet standards.

Typosquatting, also called URL hijacking, a sting site, a cousin domain, or a fake URL, is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typos made by Internet users when inputting a website address into a web browser. A user accidentally entering an incorrect website address may be led to any URL, including an alternative website owned by a cybersquatter.

Avalanche was a criminal syndicate involved in phishing attacks, online bank fraud, and ransomware. The name also refers to the network of owned, rented, and compromised systems used to carry out that activity. Avalanche only infected computers running the Microsoft Windows operating system.

SmartScreen is a cloud-based anti-phishing and anti-malware component included in several Microsoft products:

An emoji domain is a domain name with one or more emoji in it, for example 😉.tld.

References

  1. "Spoof website will stay online" Archived 2024-08-19 at the Wayback Machine , BBC News, 29 July 2004
  2. "Web Spoofing: An Internet Con Game" (PDF). Archived from the original (PDF) on 2017-10-12. Retrieved 2023-05-05.
  3. Anti-Phishing Technology" Archived 2007-09-27 at the Wayback Machine , Aaron Emigh, Radix Labs, 19 January 2005
  4. "That apple.com link you clicked on? Yeah, it's actually Russian". www.theregister.com. Archived from the original on 2020-10-12. Retrieved 2020-10-10.
  5. "Google is fixing a Chrome flaw that makes phishing easy". 17 April 2017. Archived from the original on 2024-08-19. Retrieved 2020-10-10.
  6. "FACT CHECK: BOGUS ads use Aga Muhlach's name, photo to promote get-rich-quick scheme". VERA Files. 2025-01-21. Retrieved 2025-01-29.
  7. Arasa, Dale (2024-05-15). "Crypto scams impersonating Inquirer.net and other news sites". Philippine Daily Inquirer . Retrieved 2025-01-29.
  8. "HMRC phishing and scams: detailed information". Archived from the original on 2014-10-21. Retrieved 2023-11-01.
  9. "Scam calls" . Retrieved 2023-11-01.
  10. "Fake Sites Insist Microsoft Bought Firefox" Archived 2007-04-28 at the Wayback Machine , Gregg Keizer, InformationWeek, 9 November 2006
  11. "Mattel Denies Claim That All Barbies Will Be Compostable". Futurism. 2023-08-03. Retrieved 2024-11-26.
  12. 1 2 "A new "EcoWarrior" Barbie, supposedly from Mattel, drew headlines. It was a hoax. - CBS News". 2023-08-02. Retrieved 2024-11-26.
  13. Barbie Hoax Targets Mattel and Fools Some News Outlets
  14. "Phishing environments, techniques, and countermeasures: A survey". Computers & Security. 68 (4): 280. July 2017. doi:10.1016/s0167-4048(04)00129-4. ISSN   0167-4048.
  15. "Dark Reading | Security | Protect The Business - Enable Access". Dark Reading. Archived from the original on 2011-08-18. Retrieved 2018-06-29.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.