 | This article needs to beupdated. Please help update this article to reflect recent events or newly available information.(June 2022) |
Aspoofed URL involves onewebsite masquerading as another, often leveraging vulnerabilities in web browser technology to facilitate a malicious computer attack. These attacks are particularly effective against computers that lack up-to-date security patches. Alternatively, some spoofed URLs are crafted for satirical purposes.
In such an attack scenario, an unsuspectingcomputer user visits a website and observes a familiarURL, like http://www.wikipedia.org, in the address bar. However, unbeknownst to them, the information they input is being directed to a completely different location, usually monitored by an information thief. When a fraudulent website requests sensitive information, it's referred to asphishing.
These fraudulentwebsites often entice users throughemails orhyperlinks.
In a different variation, a website might resemble the original but is, in reality, a parody. These instances are generally harmless and conspicuously distinct from the genuine sites, as they typically do notexploitweb browser vulnerabilities.
Another avenue for theseexploits involves redirects within a host's file, rerouting traffic from legitimate sites to an alternateIP associated with the spoofed URL.[1]
Spoofing is the act of deception or hoaxing.[2]URLs are the address of a resource (as a document or website) on the Internet that consists of a communications protocol followed by the name or address of a computer on the network and that often includes additional locating information (as directory and file names).[3] Simply, a spoofed URL is a web address that illuminates an immense amount of deception through its ability to appear as an original site, despite it not being one. In order to prevent falling victim to the prevalent scams stemmed from the spoofed URLs, majorsoftware companies have come forward and advised techniques to detect and prevent spoofed URLs.
SpoofedURLs, a universal defining identity forphishing scams, pose a serious threat to end-users and commercial institutions.Email continues to be the favorite vehicle to perpetrate such scams mainly due to its widespread use combined with the ability to easily spoof them.[4] Several approaches, both generic and specialized, have been proposed to address this problem. However, phishing techniques, growing in ingenuity as well as sophistication, render these solutions weak. In order to prevent users from future victimization stemmed from a spoofed URL,Internetvigilantes have published numerous tips to help users identify a spoof.
The most common are: using authentication based on key exchange between the machines on yournetwork, using an access control list to deny privateIP addresses on your downstream interface, implementingfilters of both inbound and outbound traffic, configuringrouters and switches if they support such configuration, to reject packets originating from outside the local network that claim to originate from within, and enableencryption sessions in the router so that trusted hosts that are outside your network can securely communicate with your local hosts.[5] Ultimately, protection comes from the individual user. Keeping up with new spoofing techniques or scams will readily allow one to identify a scam and most importantly keep information secure and personal.
PayPal, ane-commerce business allows money transactions to be made through the Internet and is a common target for spoofed URLs. Thisforgery of a legitimate PayPal website allowshackers to gain personal and financial information and thus, steal money through fraud. Along with spoof or fake emails that appear with generic greetings, misspellings, and a false sense of urgency, spoofed URLs are an easy way for hackers to violate one’s PayPal privacy. For example, www.paypalsecure.com, includes the name, but is a spoofed URL designed to deceive. Remember to always log into PayPal through a new windowbrowser and never log in through email. In the case that you do receive a suspected spoofed URL, forward the entire email to spoof@PayPal.com to help prevent the URL from tricking other PayPal users.[6]
A majorcrime associated with spoofed URLs isidentity theft. The thief will create awebsite very similar in appearance to that of a popular site, then when a user accesses the spoofed URL, they can inadvertently give the thief theircredit card and personal details. Their spoofed URLs might use “too good to be true” prices to lure more and more looking for a good deal. Crimes like these happen quite often, and most frequently during the festive holidays and other heavy online shopping periods of the year.[7]
Another crime associated with spoofed URLs is setting up a fake anti-malware software. An example of this would beRansomware, fake anti-malware software that locks up important files for the computer to run, and forces the user to pay a ransom to get the files back. If the user refuses to pay after a certain period of time, the Ransomware will delete the files from the computer, essentially making the computer unusable. Ads for these programs usually appear on popular websites, such as dating sites or social media sites likeFacebook andTwitter. They can also come in the form of attachments to emails.Phishing scams are also another major way that users can get tricked into scams (see below).
Phishing is ascam by which ane-mail user is duped into revealing personal or confidential information which the scammer can use illicitly.[8] Phishing is the action of fraudsters sending an email to an individual, hoping to seek private information used for identity theft, by falsely asserting to be a reputable legal business. Phishing is performed through emails containing a spoofed URL, which links them to a website. Since it usually appears in the form on an email, it is crucial to not rely just on the address in the “from” field in order to prevent phishing. Computer users should also look out for spelling mistakes within the website's URLs, as this is another common sign to look out for in a phishing email.[9] The website whose URLs are in the e-mails requests individuals to enter personal information so businesses can update it in their system. This information often includes passwords, credit card numbers, social security, and bank account numbers. In turn, the email recipients are giving these fake businesses their information the real businesses already have.