Website spoofing

From Wikipedia, the free encyclopedia

Website spoofing is the act of creating a website, as a hoax, with the intention of misleading readers into believing that the website has been created by a different person or organization. Normally, the spoof website will adopt the design of the target website and sometimes has a similar URL.[1] A more sophisticated attack results in an attacker creating a "shadow copy" of the World Wide Web by having all of the victim's traffic go through the attacker's machine, causing the attacker to obtain the victim's sensitive information.[2]

Another technique is to use a 'cloaked' URL.[3] By using domain forwarding, or inserting control characters, the URL can appear to be genuine while concealing the address of the actual website.
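
A check for the control-character form of cloaking described above, as an added example that is not part of the original article. It flags control characters whether they appear raw or behind one or more layers of percent-encoding, and goes slightly beyond the text by also flagging invisible Unicode format characters; the function names and sample links are constructed for illustration.

```python
import unicodedata
from urllib.parse import unquote

# Cc = C0/C1 control characters; Cf = invisible format characters
# (zero-width characters, bidirectional overrides).
SUSPECT_CATEGORIES = {"Cc", "Cf"}


def is_suspect(ch):
    return unicodedata.category(ch) in SUSPECT_CATEGORIES


def reveal(text):
    """Replace each control/format character with a visible <U+XXXX> marker."""
    return "".join(f"<U+{ord(c):04X}>" if is_suspect(c) else c for c in text)


def inspect_url(url, max_rounds=3):
    """Flag control characters present raw or hidden behind percent-encoding.

    Percent-decoding is repeated up to max_rounds times so that double-encoded
    values such as %2501 are also caught.
    """
    findings = [("raw", f"U+{ord(c):04X}") for c in url if is_suspect(c)]
    current = reveal(url)  # raw hits become markers and are not counted again
    for depth in range(1, max_rounds + 1):
        decoded = unquote(current, errors="replace")
        if decoded == current:
            break
        findings += [(f"percent-encoded x{depth}", f"U+{ord(c):04X}")
                     for c in decoded if is_suspect(c)]
        current = reveal(decoded)
    return {"suspicious": bool(findings), "findings": findings, "display": current}


if __name__ == "__main__":
    # Constructed sample links; none come from the article.
    samples = [
        "https://shop.example/account",
        "https://shop.example/\u202elogin",
        "https://shop.example/%0d%0aindex",
        "https://shop.example/%2501login",
    ]
    for s in samples:
        result = inspect_url(s)
        print(result["suspicious"], result["display"], result["findings"])
```

The `display` value is the string to show an analyst or user in place of the raw link, since every hidden character is rendered as a visible marker.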

The objective may be fraudulent, often associated with phishing or e-mail spoofing, or it may be to criticize or make fun of the person or body whose website the spoofed site purports to represent. Because the purpose is often malicious, "spoof" (an expression whose base meaning is innocent parody) is a poor term for this activity, and more accountable organisations such as government departments and banks tend to avoid it, preferring more explicit descriptors such as "fraudulent" or "phishing".[4]

As an example of the use of this technique to parody an organisation, in November 2006 two spoof websites, www.msfirefox.com and www.msfirefox.net, were produced claiming that Microsoft had bought Firefox and released "Microsoft Firefox 2007."[5]

Prevention Tools

Anti-Phishing Software

Spoofed websites predominate in efforts to develop anti-phishing software, though there are concerns about the effectiveness of these tools. A majority of efforts are focused on the PC market, leaving mobile devices lacking coverage. As the table below shows, few user studies have been run against the tools currently on the market.[6]

A comparison of anti-phishing tools in 2004.[6]

| Tool | Communication media | Device | Countermeasure type | Performance metrics | User study conducted? |
|---|---|---|---|---|---|
| Anti-phish | Website/browser add-on | PC | Profile matching / usage history | - | - |
| BogusBiter | Website/browser add-on | PC | Client server authentication | Page load delay | No |
| Cantina+ | Website/browser add-on | PC | Machine learning / classification | TPR ≈ 0.92, FPR ≈ 0.040 | No |
| Quero | Website/browser add-on | PC | Text mining / regular expressions | - | - |
| Itrustpage | Website/browser add-on | PC | Profile matching / blacklist | Accuracy = 0.98 | Yes |
| SpoofGuard | Website | PC | Profile matching / pattern | TPR ≈ 0.972, Accuracy ≈ 0.67 | No |
| PhishZoo | Website | PC | Profile matching / pattern | Accuracy ≈ 0.96, FPR ≈ 0.01 | No |
| B-APT | Website | PC | Machine learning / classification | Page load delay ≈ 51.05 ms, TPR ≈ 1, FP ≈ 0.03 | No |
| PhishTester | Website | PC | Profile matching / pattern | FNR ≈ 0.03, FPR ≈ 0 | No |
| DOM AntiPhish | Website | PC | Profile matching / layout | FNR ≈ 0, FPR ≈ 0.16 | No |
| GoldPhish | Website | PC | Search engines | TPR ≈ 0.98, FPR ≈ 0.02 | No |
| PhishNet | Website | PC | Profile matching / blacklist | FNR ≈ 0.05, FPR ≈ 0.03 | No |
| PhorceField | Website | PC | Client server authentication | Bits of Security Lost per user = 0.2 | Yes |
| PassPet | Website | PC | Profile matching / usage history | Security and Usability | Yes |
| PhishGuard | Website | PC | Client server authentication | - | - |
| PhishAri | Social network | PC | Machine learning / classification | Precision = 0.95, Recall = 0.92 | Yes |
| MobiFish | Mobile | Smart Phone | Profile matching / layout | TPR ≈ 1 | No |
| AZ-protect | Website | PC | Machine learning / classification | Precision = 0.97, Recall = 0.96 | No |
| eBay AG | Website/browser add-on | PC | Machine learning / classification | Precision = 1, Recall = 0.55 | No |
| Netcraft | Website/browser add-on | PC | Profile matching / blacklist | Precision = 0.99, Recall = 0.86 | No |
| EarthLink | Website/browser add-on | PC | Profile matching / blacklist | Precision = 0.99, Recall = 0.44 | No |
| IE Filter | Website/browser add-on | PC | Profile matching / blacklist | Precision = 1, Recall = 0.75 | No |
| FirePhish | Website/browser add-on | PC | Profile matching / blacklist | Precision = 1, Recall = 0.77 | No |
| Sitehound | Website/browser add-on | PC | Profile matching / blacklist | Precision = 1, Recall = 0.23 | No |

DNS Filtering

DNS is the layer at which botnets control drones. In 2006, OpenDNS began offering a free service to prevent users from reaching spoofed websites. Essentially, OpenDNS has gathered a large database from various anti-phishing and anti-botnet organizations, as well as its own data, to compile a list of known website spoofing offenders. When a user attempts to access one of these bad websites, the request is blocked at the DNS level. APWG statistics show that most phishing attacks use URLs, not domain names, so there would be a large amount of website spoofing that OpenDNS would be unable to track. At the time of release, OpenDNS was unable to prevent unnamed phishing exploits that sit on Yahoo, Google, etc.[7]
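
The coverage gap described above, as an added example that is not part of the original article and is not OpenDNS code. A DNS filter only sees the queried name, so a feed entry hosted on a shared platform cannot be enforced without blocking the whole platform; the feed, the platform list and all function names below are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data; these hosts do not come from the article.
FEED = [
    "http://login-update.bad-example.test/signin",
    "https://sites.shared-host.example/user123/bank-login.html",
]
SHARED_PLATFORMS = {"shared-host.example"}  # domains that must stay resolvable


def under(host, domain):
    """True if host equals domain or is a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def build_dns_blocklist(feed_urls, shared_platforms):
    """Split a phishing-URL feed into what a DNS filter can and cannot enforce.

    Returns (blocked_hosts, uncovered_urls). A URL is uncovered when its host
    sits on a shared platform: the path is invisible to DNS, and blocking the
    name would take down every legitimate page on that platform.
    """
    blocked, uncovered = set(), []
    for url in feed_urls:
        host = urlsplit(url).hostname or ""
        if not host or any(under(host, p) for p in shared_platforms):
            uncovered.append(url)
        else:
            blocked.add(host)
    return blocked, uncovered


def dns_allows(qname, blocked):
    """Resolver-side decision: refuse any name at or below a blocked host."""
    return not any(under(qname, d) for d in blocked)


if __name__ == "__main__":
    blocked, uncovered = build_dns_blocklist(FEED, SHARED_PLATFORMS)
    print("blocked at DNS:", sorted(blocked))
    print("needs URL-level filtering:", uncovered)
    for name in ("login-update.bad-example.test", "sites.shared-host.example"):
        print(name, "->", "resolve" if dns_allows(name, blocked) else "block")
```

The `uncovered` list is the portion of the feed that has to be handled by a URL-aware control, such as a browser or proxy filter.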

References

  1. "Spoof website will stay online", BBC News, 29 July 2004
  2. http://www.cs.princeton.edu/sip/pub/spoofing.pdf
  3. "Anti-Phishing Technology", Aaron Emigh, Radix Labs, 19 January 2005
  4. See e.g. [1] or [2]
  5. "Fake Sites Insist Microsoft Bought Firefox", Gregg Keizer, InformationWeek, 9 November 2006
  6. "Phishing environments, techniques, and countermeasures: A survey". Computers & Security. 68: 280. July 2017. doi:10.1016/s0167-4048(04)00129-4. ISSN 0167-4048 – via ScienceDirect.
  7. "Dark Reading | Security | Protect The Business - Enable Access". Dark Reading. Retrieved 2018-06-29.