
WEB SPOOFING



Presentation Transcript


  1. WEB SPOOFING by Miguel and Ngan

  2. Content
     • Web Spoofing Demo
     • What is Web Spoofing
     • How the attack works
     • Different types of web spoofing
     • How to spot a spoofed page
     • Signs that you have been a victim
     • Stats of Web Spoofing
     • Conclusion
     • Questions

  3. What is Web Spoofing
     • Pretending to be a legitimate site
     • Attacker creates a convincing but false copy of the site
     • Stealing personal information such as login IDs, passwords, credit card and bank account details, and much more (a.k.a. a phishing attack)
     • The false Web looks and feels like the real one
     • Attacker controls the false Web, which allows surveillance of the victims
     • Modifying the data from the victims, compromising its integrity

  4. How the attack works Explain demo…

  5. Different types of Web Spoofing
     • DNS server spoofing attack
     • One of the most complex types of attack
     • Alter a domain name to point to a different IP address
     • Redirect to a different server hosting a spoofed site

  6. Different types of Web Spoofing
     • Content theft
     • A copy of a site can be created from the original by saving all the publicly accessible pages, images, and scripts from a site to another server. (Miguel’s Demo)
     • Can be automated using programs called “spiders”

  7. Different types of Web Spoofing
     • Subdomain Spoofing
     • Normal subdomain: http://subdomain.domain.com
     • Tricking Internet users into believing that they are on the correct URL
     • Make the URL long enough so that the user cannot see the entire URL
     • And more…
     • IP Address as URL, Email with HTML attached, Frameless Pop-up, and more…

  8. How to detect a spoofed webpage
     • URL (this is the easiest way to detect the attack!)
     • Triple check the spelling of the URL
     • Look for small differences such as a hyphen (-) or an underscore (e.g. suntrust.com vs. sun-trust.com)
     • Mouse-over message (careful: this can be spoofed too!)
     • Beware of pages that use server-side scripting such as PHP; these tools make it easy to obtain your information.
     • Beware of JavaScript as well.
     • Beware of longer than average load times.

  9. Signs that you may have been a victim
     • If an unexpected error occurs, you may be a victim of web spoofing (sorry) (This relates to Dr. Burmester's example of the fake ATMs)
     • If you have to click submit buttons repeatedly (class example)
     • If you have to enter your password repeatedly (class example)
     • If there is any redirection to other webpages

  10. Stats of Web Spoofing
     • Web spoofing is increasing at a rapid pace
     • According to a study by Gartner Research
     • Two million users gave such information to spoofed web sites.
     • About $1.2 billion in direct losses to U.S. bank and credit card issuers in 2003
     • And about $400 million to $1 billion in losses from the victims
     • Archives of reported scams
     • http://www.millersmiles.co.uk/archives.php

  11. Gartner Research - Graph

  12. Resources
     • Web Spoofing: Internet Con Game - http://www.cs.princeton.edu/sip/pub/spoofing.pdf
     • Web Spoofing 2001 - http://www.cs.dartmouth.edu/~pkilab/demos/spoofing/tr.pdf
     • What is Web Spoofing - http://www.washington.edu/computing/windows/issue22/spoofing.html
     • How Web Spoofing Works - http://www.systemexperts.com/tutors/webspoof.pdf
     • Different types of spoofing - http://www.articsoft.com/wp_spoofing.htm
     • Archives of Web Spoofing - http://www.millersmiles.co.uk/archives.php
     • TrustBar: Protecting Web User - http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/spoofing.htm
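
The URL checks listed on slides 7 and 8 (IP address as URL, overly long URL, hyphen or underscore variants, trusted name buried in a subdomain) can be run automatically before a link is followed. This is an added example, not part of the original presentation; `check_url`, the warning labels, the 75-character cut-off and the last-two-labels shortcut for the registered domain are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

MAX_URL_LEN = 75  # assumed cut-off for a URL too long to read in the address bar

def _strip_separators(name):
    return name.replace("-", "").replace("_", "")

def check_url(url, trusted_domain):
    """Return warning labels for url, judged against the domain the user expects."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    trusted = trusted_domain.lower()
    warnings = ["long-url"] if len(url) > MAX_URL_LEN else []

    try:  # "IP Address as URL" (slide 7)
        ipaddress.ip_address(host)
        return warnings + ["ip-address-as-url"]
    except ValueError:
        pass  # host is a name, not an IP literal

    if host == trusted or host.endswith("." + trusted):
        return warnings  # really on the trusted domain or one of its subdomains

    labels = host.split(".")
    # Simplification: the last two labels stand in for the registered domain;
    # production code should consult the Public Suffix List instead.
    registered = ".".join(labels[-2:])
    brand = trusted.split(".")[0]

    if _strip_separators(registered) == _strip_separators(trusted):
        warnings.append("hyphen-or-underscore-lookalike")  # e.g. sun-trust.com
    elif brand in labels[:-2] or trusted in host:
        warnings.append("trusted-name-in-subdomain")       # subdomain spoofing
    else:
        warnings.append("different-domain")
    return warnings

# Constructed sample URLs; example.net and 192.0.2.10 are reserved for documentation.
SAMPLES = [
    "https://www.suntrust.com/login",
    "http://sun-trust.com/login",
    "http://suntrust.com.login.example.net/",
    "http://192.0.2.10/suntrust/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_url(sample, "suntrust.com") or "ok")
```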
