Phishing attacks part 2: Web spoofing

May 06, 2017

A complete phishing attack involves three roles of phishers. To begin with, as discussed in the first article, mailers send out a large number of scam emails (usually through botnets, groups of infected computers under common control), which direct users to fraudulent websites. Secondly, collectors set up fraudulent websites (usually hosted on compromised machines), which actively prompt users to provide confidential information. Finally, cashers use the confidential information to achieve a payout. In this article, we shall discuss the second step, the fraudulent websites.

A phisher could forge a website that looks similar to a legitimate website, so that unsuspecting victims may think that it is the genuine website and enter their passwords and personal information, which are collected by the phisher. With the advancement and simplicity of web development languages such as HTML, front-end code can simply be cloned to achieve the look of a particular website. A little web programming in HTML and/or PHP is necessary to redirect the user's input into a file or database and then show a “website under maintenance” notice. Some proxy software such as Squid or Fiddler2 could be extended to create a fully functional clone. Users can successfully sign in and use all the services provided by the original website, while all the inputs are collected by the server, and all the pages may be modified by the server.

Once a forged website is online, the phisher must make potential victims visit it, and there are many ways to achieve this:

- As discussed in the first article, send spoofed emails with a link to the forged website.
- Register a domain that is a common typo of a popular website. For example, register paypel.com and create a forged paypal.com.
- Register the same domain name in a different top-level domain (TLD). Sometimes people will type in their country-specific TLD and expect to get a “customized local” version of the website. For example, register gmail.com.ke and create a simplified Kenyan forged version of gmail.com.
- Do search engine optimization.
- Use pharming.

Modern web browsers, however, have certain built-in security indicators that can protect users from phishing scams, including domain name highlighting and HTTPS indicators. Unfortunately, users often neglect them.

Domain name highlighting

Consider the following images.

[Images: highlighted domains]

The above-highlighted domains show that they are different sites.

Phishers tend to use misleading addresses, such as https://www.etax.go.ke instead of the correct https://www.itax.go.ke, to deceive users. Domain name highlighting can save you. The idea behind it is simple: the domain name of an address is highlighted in the address bar so that users can inspect it to determine a website's legitimacy. Users can then easily interpret the address and identify the current website at a glance. With domain name highlighting, most web spoofing attacks can be identified unless the phisher is using pharming.
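As an added example (not part of the original article), the check a user performs by eye on the highlighted domain can also be automated on the defender's side, for instance in a mail gateway or web proxy. The sketch below flags the typo and TLD-variant registrations described earlier; the suffix list and the protected-domain list are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny suffix list; production code should use the
# full Public Suffix List instead.
SUFFIXES = ("go.ke", "co.ke", "com.ke", "com", "ke")
# Constructed list of domains the organisation's users really sign in to.
PROTECTED = ("paypal.com", "gmail.com", "itax.go.ke")


def split_domain(url):
    """Return (label, suffix) of the registrable domain a browser would highlight."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for suffix in sorted(SUFFIXES, key=len, reverse=True):  # longest suffix wins
        if host.endswith("." + suffix):
            label = host[: -len(suffix) - 1].split(".")[-1]  # drop subdomains such as www
            return label, suffix
    return host, ""


def edit_distance(a, b):
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Compare a URL's highlighted domain with every protected domain."""
    label, suffix = split_domain(url)
    verdict = ("unknown", None)
    for good in PROTECTED:
        g_label, g_suffix = split_domain("https://" + good)
        if (label, suffix) == (g_label, g_suffix):
            return ("legitimate", good)
        if label == g_label:  # same name under a different TLD
            verdict = ("tld-variant", good)
        elif (verdict[0] == "unknown" and suffix == g_suffix
              and edit_distance(label, g_label) <= 1):  # one keystroke away
            verdict = ("typo", good)
    return verdict
```

A "typo" or "tld-variant" verdict is a reason to warn or hold the link for review, not proof of fraud, since unrelated legitimate sites can have similar names.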

 

Browser security indicator: HTTPS padlock

[Image: HTTPS padlock]

A padlock icon appears in the address bar when visiting an HTTPS website.

HTTPS is a combination of Hypertext Transfer Protocol and Transport Layer Security. It provides encryption and identification through public key infrastructure (PKI), a technique for sharing encryption keys. Modern web browsers display a padlock icon when visiting an HTTPS website. This technique, however, is not as effective as you might think. Almost all security indicators commonly used by browsers to indicate a “secure connection” can be spoofed. According to research, it is almost impossible to design a static indicator that cannot be copied under any domain name without HTTPS.

Dynamic skins are another good method. The idea is that the website server generates a unique abstract image for each user, and the web browser also independently computes the same image. The algorithm ensures that a phisher cannot predict this image. The user just needs to compare these two images; if they are identical, the server is legitimate.
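To make the idea concrete, here is an added sketch (not from the original article and not the published algorithm) in which both sides derive the image from a keyed hash. It assumes the browser and the genuine server already share a secret session key; how that key is established is outside this sketch, and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def skin(session_key: bytes, site: str, size: int = 8) -> str:
    """Derive a size x size abstract pattern that only holders of the key can compute."""
    digest = hmac.new(session_key, b"skin:" + site.encode(), hashlib.sha256).digest()
    bits = "".join(f"{byte:08b}" for byte in digest)
    half = size // 2
    rows = []
    for r in range(size):
        left = "".join("#" if bits[r * half + c] == "1" else "." for c in range(half))
        rows.append(left + left[::-1])  # mirror each row so the pattern is easy to compare by eye
    return "\n".join(rows)


def skins_match(browser_skin: str, server_skin: str) -> bool:
    """The comparison the user makes by eye, done here in constant time."""
    return hmac.compare_digest(browser_skin.encode(), server_skin.encode())


def demo():
    """Return (genuine server matches, forged server matches) for constructed keys."""
    key = secrets.token_bytes(32)             # constructed: shared by browser and real server
    browser = skin(key, "itax.go.ke")         # computed locally by the browser
    genuine = skin(key, "itax.go.ke")         # sent by the real server
    forged = skin(secrets.token_bytes(32), "itax.go.ke")  # a forged site lacks the key
    return skins_match(browser, genuine), skins_match(browser, forged)


if __name__ == "__main__":
    print(skin(b"constructed-demo-key", "itax.go.ke"))
    print(demo())
```

Because the pattern depends on a fresh secret rather than on a fixed picture, copying what one user saw in one session does not help a forged site in the next.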

Security and its other side, insecurity, are concepts that continuously evolve. So within a short span of time, even the measures we have will be overcome. For now, even if there is no sure way to make a website invulnerable to spoofing, we should embrace the few measures we have to help curb the malice.


Michael Jaroya

He is a technology enthusiast, a writer, and motivator. An individual with the love for humanity.



