Website spoofing


Website spoofing is the act of creating a website with the intention of misleading readers into believing that the website was created by a different person or organization.


Techniques

Normally, the spoof website adopts the design of the target website, and it sometimes has a similar URL. [1] A more sophisticated attack has the attacker create a "shadow copy" of the World Wide Web by routing all of the victim's traffic through the attacker's machine, allowing the attacker to obtain the victim's sensitive information. [2]

Another technique is to use a 'cloaked' URL. [3] By using domain forwarding, or by inserting control characters, the URL can be made to appear genuine while concealing the actual address of the malicious website. Punycode can also be used for this purpose. Punycode-based attacks exploit characters from different writing systems that look alike in common fonts. For example, in one widely used font the Greek letter tau (τ) is similar in appearance to the Latin lowercase letter t. However, the Greek letter tau is encoded in Punycode as 5xa, while the Latin lowercase letter is simply represented as t, since it is already an ASCII character. In 2017, a security researcher managed to register the domain xn--80ak6aa92e.com and have it displayed in several mainstream browsers as apple.com. Although the characters used did not belong to the Latin script, in the default fonts of those browsers the result was non-Latin characters that were indistinguishable from their Latin counterparts. [4] [5]
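As an added example (not code from the article or from any browser vendor), a small Python checker in the spirit of the IDN lookalike problem described above: it decodes xn-- labels with the standard Punycode codec, reports which scripts a label uses, and folds a hand-built confusables table onto a short list of protected names. The confusables table, the protected-name list and the function names are assumptions made for this example; a production checker would use Unicode's full confusables data.

```python
import unicodedata

# Hand-built table of non-ASCII letters that resemble ASCII letters in common
# fonts (constructed for this example; a real checker would load Unicode's
# much larger confusables.txt instead).
CONFUSABLES = {
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u04cf": "l",  # Cyrillic small palochka
    "\u03bf": "o",  # Greek small omicron
    "\u03c4": "t",  # Greek small tau, the article's own example
}

def decode_label(label):
    """Decode one DNS label from its xn-- (Punycode) form; others pass through."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch.isascii():
        return "ASCII"
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def skeleton(text):
    """Replace each confusable character with the ASCII letter it resembles."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)

def analyze_hostname(host, protected=("apple", "google", "paypal")):
    """Return one finding per label: decoded text, scripts used, whether the
    label mixes scripts, and which protected name (if any) it visually mimics."""
    findings = []
    for label in host.split("."):
        text = decode_label(label)
        scripts = sorted({script_of(ch) for ch in text})
        skel = skeleton(text)
        findings.append({
            "label": label,
            "decoded": text,
            "scripts": scripts,
            "mixed_script": len(scripts) > 1,
            "lookalike_of": skel if skel != text and skel in protected else None,
        })
    return findings
```

Run on the article's example, `analyze_hostname("xn--80ak6aa92e.com")` reports a single-script (Cyrillic) first label whose skeleton is "apple"; a label such as "pаypal" with one Cyrillic "а" is additionally flagged as mixed-script.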

Motives

The objective may be fraudulent, often associated with phishing or e-mail spoofing, or it may be to criticize or make fun of the person or body whose website the spoofed site purports to represent. Because the purpose is often malicious, "spoof" (an expression whose base meaning is innocent parody) is a poor term for this activity, and more accountable organisations such as government departments and banks tend to avoid it, preferring more explicit descriptors such as "fraudulent", "counterfeit" or "phishing". [6] [7]

As an example of the use of this technique to parody an organisation, in November 2006 two spoof websites, www.msfirefox.com and www.msfirefox.net, were produced claiming that Microsoft had bought Firefox and released "Microsoft Firefox 2007." [8] A similar incident occurred in 2023, when the culture jamming collective Barbie Liberation Organization created a satirical parody page resembling the Mattel corporate website at the URL mattel-corporate.com. [9] There they announced a fictitious line of Barbie dolls called "MyCelia EcoWarrior", alongside a series of hoax videos in which actress Daryl Hannah posed as a spokesperson for Mattel to lend further legitimacy to the nonexistent dolls, leveraging the publicity surrounding the 2023 live-action film. [10] The website's close resemblance to the legitimate Mattel corporate site led a number of news outlets to mistakenly report it as real; they eventually issued corrections and removed the articles in question. [11] [10]

Prevention tools

Anti-phishing software

Spoofed websites are the main focus of anti-phishing software development, though there are concerns about the effectiveness of such software. Most efforts target the PC market, leaving mobile devices poorly covered. [12]

DNS filtering

DNS is the layer at which botnets control drones. In 2006, OpenDNS began offering a free service to prevent users from reaching website spoofing sites. Essentially, OpenDNS gathered a large database from various anti-phishing and anti-botnet organizations, together with its own data, to compile a list of known website spoofing offenders. When a user attempts to access one of these bad websites, the request is blocked at the DNS level. APWG statistics show that most phishing attacks use URLs rather than whole domain names, so a large amount of website spoofing would remain beyond OpenDNS's reach. At the time of release, OpenDNS was unable to block phishing pages that have no domain of their own and are hosted on sites such as Yahoo or Google. [13]


References

  1. "Spoof website will stay online", BBC News, 29 July 2004. Archived 2024-08-19 at the Wayback Machine.
  2. "Web Spoofing: An Internet Con Game" (PDF). Archived from the original (PDF) on 2017-10-12. Retrieved 2023-05-05.
  3. "Anti-Phishing Technology", Aaron Emigh, Radix Labs, 19 January 2005. Archived 2007-09-27 at the Wayback Machine.
  4. "That apple.com link you clicked on? Yeah, it's actually Russian". www.theregister.com. Archived from the original on 2020-10-12. Retrieved 2020-10-10.
  5. "Google is fixing a Chrome flaw that makes phishing easy". 17 April 2017. Archived from the original on 2024-08-19. Retrieved 2020-10-10.
  6. "HMRC phishing and scams: detailed information". Archived from the original on 2014-10-21. Retrieved 2023-11-01.
  7. "Scam calls". Retrieved 2023-11-01.
  8. "Fake Sites Insist Microsoft Bought Firefox", Gregg Keizer, InformationWeek, 9 November 2006. Archived 2007-04-28 at the Wayback Machine.
  9. "Mattel Denies Claim That All Barbies Will Be Compostable". Futurism. 2023-08-03. Retrieved 2024-11-26.
  10. "A new "EcoWarrior" Barbie, supposedly from Mattel, drew headlines. It was a hoax." CBS News. 2023-08-02. Retrieved 2024-11-26.
  11. "Barbie Hoax Targets Mattel and Fools Some News Outlets".
  12. "Phishing environments, techniques, and countermeasures: A survey". Computers & Security. 68 (4): 280. July 2017. doi:10.1016/s0167-4048(04)00129-4. ISSN 0167-4048.
  13. "Dark Reading | Security | Protect The Business - Enable Access". Dark Reading. Archived from the original on 2011-08-18. Retrieved 2018-06-29.