Website spoofing
This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)
|
Website spoofing is the act of creating a
Another technique is to use a 'cloaked' URL.[3] By using domain forwarding, or inserting control characters, the URL can appear to be genuine while concealing the actual address of the malicious website. Punycode can also be used for this purpose. Punycode-based attacks exploit the similar characters in different writing systems in common fonts. For example, on one large font, the greek letter tau (τ) is similar in appearance to the latin undercase letter t. However, the greek letter tau is represented in punycode as 5xa, while the latin undercase letter is simply represented as t, since it is present on the ASCII system. In 2017, a security researcher managed to register the domain xn--80ak6aa92e.com and have it show on several mainstream browsers as apple.com. While the characters used didn't belong to the latin script, due to the default font on those browsers, the end result was non-latin characters that were indistinguishable from those on the latin script.[4][5]
The objective may be fraudulent, often associated with
As an example of the use of this technique to
Prevention tools
Anti-phishing software
Spoofed websites predominate in efforts developing anti-phishing software though there are concerns about their effectiveness. A majority of efforts are focused on the PC market leaving mobile devices lacking. You can see from the table below that few user studies have been run against the current tools in the market.[9]
Tool | Communication media | Device | Countermeasure type | Performance metrics | User study conducted? |
Anti-phish | Website/browser add-on | PC | Profile matching /usage history | - | - |
BogusBiter | Website/browser add-on | PC | Client server authentication | Page load delay | No |
Cantina+ | Website/browser add-on | PC | Machine learning /classification | TPR ≈ 0.92
FPR ≈ 0.040 |
No |
Quero | Website/browser add-on | PC | Text mining /regular expressions | - | - |
Itrustpage | Website/browser add-on | PC | Profile matching/ blacklist | Accuracy=0.98 | Yes |
SpoofGuard | Website | PC | Profile matching / pattern | TPR≈0.972,
Accuracy≈0.67 |
No |
PhishZoo | Website | PC | Profile matching/ pattern | Accuracy≈0.96,
FPR≈0.01 |
No |
B-APT | Website | PC | Machine learning/
classification |
Page load delay
≈ 51.05ms, TPR≈1,FP≈0.03 |
No |
PhishTester | Website | PC | Profile matching/ pattern | FNR≈0.03, FPR≈0 | No |
DOM AntiPhish | Website | PC | Profile matching/ layout | FNR≈0, FPR≈0.16 | No |
GoldPhish | Website | PC | Search engines | TPR≈0.98,FPR≈0.02 | No |
PhishNet | Website | PC | Profile matching /blacklist | FNR≈0.05,
FPR≈0.03 |
No |
PhorceField | Website | PC | Client server authentication | Bits of Security Lost per user = 0.2 | Yes |
PassPet | Website | PC | Profile matching/ usage history | Security and Usability | Yes |
PhishGuard | Website | PC | Client server authentication | - | - |
PhishAri | Social network | PC | Machine learning /classification | Precision = 0.95,
Recall = 0.92 |
Yes |
MobiFish | Mobile | Smart Phone | Profile matching/ layout | TPR≈1 | No |
AZ-protect | Website | PC | Machine learning /classification | Precision = 0.97,
Recall = 0.96 |
No |
eBay AG | Website/browser add-on | PC | Machine learning /classification | Precision = 1,
Recall = 0.55 |
No |
Netcraft | Website/browser add-on | PC | Profile matching /blacklist | Precision = 0.99,
Recall =0.86 |
No |
EarthLink | Website/browser add-on | PC | Profile matching /blacklist | Precision = 0.99,
Recall = 0.44 |
No |
IE Filter | Website/browser add-on | PC | Profile matching /blacklist | Precision = 1,
Recall = 0.75 |
No |
FirePhish | Website/browser add-on | PC | Profile matching /blacklist | Precision = 1,
Recall = 0.77 |
No |
Sitehound | Website/browser add-on | PC | Profile matching /blacklist | Precision = 1,
Recall = 0.23 |
No |
DNS filtering
DNS is the layer at which
See also
- Email spoofing – Creating email spam or phishing messages with a forged sender identity or address
- Fake news website – Website that deliberately publishes hoaxes and disinformation
- Login spoofing – Techniques used to steal a user's password
- Phishing – Form of social engineering
- Spoofing attack – Cyber attack in which a person or program successfully masquerades as another by falsifying data
- Referer spoofing – Practice in HTTP networking of intentionally sending incorrect referer information
References
- ^ "Spoof website will stay online", BBC News, 29 July 2004
- ^ "Web Spoofing: An Internet Con Game" (PDF). Archived from the original (PDF) on 2017-10-12. Retrieved 2023-05-05.
- ^ Anti-Phishing Technology" Archived 2007-09-27 at the Wayback Machine, Aaron Emigh, Radix Labs, 19 January 2005
- ^ "That apple.com link you clicked on? Yeah, it's actually Russian". www.theregister.com.
- ^ "Google is fixing a Chrome flaw that makes phishing easy". 17 April 2017.
- ^ "HMRC phishing and scams: detailed information". Retrieved 2023-11-01.
- ^ "Scam calls". Retrieved 2023-11-01.
- ^ "Fake Sites Insist Microsoft Bought Firefox", Gregg Keizer, InformationWeek, 9 November 2006
- ^ ISSN 0167-4048.
- ^ "Dark Reading | Security | Protect The Business - Enable Access". Dark Reading. Retrieved 2018-06-29.