WEB SPOOFING - PowerPoint PPT Presentation

About This Presentation
Title:

WEB SPOOFING

Description:

Tricking internet user that they are on the correct URL. Make the URL long enough so that the user cannot see the entire URL. And more... – PowerPoint PPT presentation

Number of Views:173
Avg rating:3.0/5.0
Slides: 14
Provided by: nga3
Learn more at: http://www.cs.fsu.edu
Category:

less

Transcript and Presenter's Notes

Title: WEB SPOOFING


1
WEB SPOOFING
  • by Miguel and Ngan

2
Content
  • Web Spoofing Demo
  • What is Web Spoofing
  • How the attack works
  • Different types of web spoofing
  • How to spot a spoofed page
  • Signs that you have been a victim
  • Stats of Web Spoofing
  • Conclusion
  • Questions

3
What is Web Spoofing
  • Pretending to be a legitimate site
  • Attacker creates convincing but false copy of the
    site
  • Stealing personal information such as login ID,
    password, credit card, bank account, and much
    more. aka Phishing attack
  • False Web looks and feels like the real one
  • Attacker controls the false web by surveillance
  • Modifying integrity of the data from the victims

4
How the attack works
  • Explain demo

5
(No Transcript)
6
Different types of Web Spoofing
  • DNS server spoofing attack
  • One of the most complex types of attack
  • Alter a domain name to point to different IP
    address
  • Redirect to a different server hosting a spoofed
    site

7
Different types of Web Spoofing
  • Content theft
  • A copy of a site can be created from the original
    by saving all the publicly accessible pages,
    images, and scripts from a site to another
    server. (Miguels Demo)
  • Can be done automated by using programs called
    spiders

8
Different types of Web Spoofing
  • Subdomain Spoofing
  • Normal subdomain http//subdomain.domain.com
  • Tricking internet user that they are on the
    correct URL
  • Make the URL long enough so that the user cannot
    see the entire URL
  • And more
  • IP Address as URL, Email with HTML attached,
    Frameless Pop-up, and more

9
How to detect a spoofed webpage
  • URL (this is the easiest way to detect the
    attack!)
  • Triple check the spelling of the URL
  • Look for small differences such as a hyphen (-)
    or an underscore (e.g. suntrust.com vs.
    sun-trust.com)
  • Mouse over message (careful this can be spoofed
    too!)
  • Beware of pages that use server scripting such as
    php these tools make it easy to obtain your
    information.
  • Beware of javascripting as well.
  • Beware of longer than average load times.

10
Signs that you may have been a victim
  • If an unexpected error occurs, you may be a
    victim of web spoofing (sorry) (This relates to
    Dr. Burmester's example of the fake ATM's)
  • If you have to click submit buttons repeatedly.
    (class example)
  • If you have to enter your password repeatedly
    (class example)
  • If there is any redirection to other webpages.

11
Stats of Web Spoofing
  • Web spoofing is increasing at a rapid pace
  • According to a study by Gartner Research
  • Two million users gave such information to
    spoofed web sites.
  • About 1.2 billion direct losses to U.S. Bank and
    credit card issuers in 2003
  • And about 400 million to 1 billion losses from
    the victims
  • Archives of reported scams
  • http//www.millersmiles.co.uk/archives.php

12
Gartner Research - Graph
13
Resources
  • Web Spoofing Internet Con Game -
    http//www.cs.princeton.edu/sip/pub/spoofing.pdf
  • Web Spoofing 2001 - http//www.cs.dartmouth.edu/p
    kilab/demos/spoofing/tr.pdf What is Web Spoofing
    - http//www.washington.edu/computing/windows/issu
    e22/spoofing.html
  • How Web Spoofing Works - http//www.systemexperts.
    com/tutors/webspoof.pdf
  • Different types of spoofing - http//www.articsoft
    .com/wp_spoofing.htm
  • Archives of Web Spoofing - http//www.millersmiles
    .co.uk/archives.php
  • TrustBar Protecting Web User -
    http//www.cs.biu.ac.il/herzbea/Papers/ecommerce/
    spoofing.htm
Write a Comment
User Comments (0)
About PowerShow.com