Presentation is loading. Please wait.

Presentation is loading. Please wait.

WEB SPOOFING by Miguel and Ngan. Content Web Spoofing Demo What is Web Spoofing How the attack works Different types of web spoofing How to spot a spoofed.

Published byConrad Doyle Modified over 9 years ago

Similar presentations

Presentation on theme: "WEB SPOOFING by Miguel and Ngan. Content Web Spoofing Demo What is Web Spoofing How the attack works Different types of web spoofing How to spot a spoofed."— Presentation transcript:

1 WEB SPOOFING by Miguel and Ngan

2 Content Web Spoofing Demo What is Web Spoofing How the attack works Different types of web spoofing How to spot a spoofed page Signs that you have been a victim Stats of Web Spoofing Conclusion Questions

3 What is Web Spoofing Pretending to be a legitimate site Attacker creates convincing but false copy of the site Stealing personal information such as login ID, password, credit card, bank account, and much more. aka Phishing attack False Web looks and feels like the real one Attacker controls the false web by surveillance Modifying integrity of the data from the victims

4 How the attack works Explain demo…

5

6 Different types of Web Spoofing DNS server spoofing attack One of the most complex types of attack Alter a domain name to point to different IP address Redirect to a different server hosting a spoofed site

7 Different types of Web Spoofing Content theft A copy of a site can be created from the original by saving all the publicly accessible pages, images, and scripts from a site to another server. (Miguel’s Demo) Can be done automated by using programs called “spiders”

8 Different types of Web Spoofing Subdomain Spoofing Normal subdomain: http://subdomain.domain.com Tricking internet user that they are on the correct URL Make the URL long enough so that the user cannot see the entire URL And more… IP Address as URL, Email with HTML attached, Frameless Pop-up, and more…

9 How to detect a spoofed webpage URL (this is the easiest way to detect the attack!) Triple check the spelling of the URL Look for small differences such as a hyphen (-) or an underscore (e.g. suntrust.com vs. sun-trust.com) Mouse over message (careful: this can be spoofed too!) Beware of pages that use server scripting such as php these tools make it easy to obtain your information. Beware of javascripting as well. Beware of longer than average load times.

10 Signs that you may have been a victim If an unexpected error occurs, you may be a victim of web spoofing (sorry) (This relates to Dr. Burmester's example of the fake ATM's) If you have to click submit buttons repeatedly. (class example) If you have to enter your password repeatedly (class example) If there is any redirection to other webpages.

11 Stats of Web Spoofing Web spoofing is increasing at a rapid pace According to a study by Gartner Research Two million users gave such information to spoofed web sites. About $1.2 billion direct losses to U.S. Bank and credit card issuers in 2003 And about $400 million to $1 billion losses from the victims Archives of reported scams http://www.millersmiles.co.uk/archives.php

12 Gartner Research - Graph

13 Resources Web Spoofing: Internet Con Game - http://www.cs.princeton.edu/sip/pub/spoofing.pdf Web Spoofing 2001 - http://www.cs.dartmouth.edu/~pkilab/demos/spoofing/tr.pdf What is Web Spoofing - http://www.washington.edu/computing/windows/issue22/spoofing.html How Web Spoofing Works - http://www.systemexperts.com/tutors/webspoof.pdf Different types of spoofing - http://www.articsoft.com/wp_spoofing.htm Archives of Web Spoofing - http://www.millersmiles.co.uk/archives.php TrustBar: Protecting Web User - http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/spoofing.htm

Download ppt "WEB SPOOFING by Miguel and Ngan. Content Web Spoofing Demo What is Web Spoofing How the attack works Different types of web spoofing How to spot a spoofed."

Similar presentations

Phishing Scams use spoofed emails and websites as lures to prompt people to voluntarily hand over sensitive information Phishing emails may contain.

Phishing Scams use spoofed s and websites as lures to prompt people to voluntarily hand over sensitive information Phishing s may contain.
Keeping Your Identity Your Own Amy Ginther, Project NEThics Coordinator OIT Town Meeting August 24, 2005.

Keeping Your Identity Your Own Amy Ginther, Project NEThics Coordinator OIT Town Meeting August 24, 2005.
BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.

BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.
Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.

Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.
ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.
How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.

How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.
Internet Safety Prevents ID Theft Business Law II Chapter 33.

Internet Safety Prevents ID Theft Business Law II Chapter 33.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.

1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.
Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.

Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.
Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.

Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.
Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.

Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.
Jason Rich CIS - 158 1.  The purpose of this project is to inform the audience about the act of phishing. Phishing is when fake websites are created.

Jason Rich CIS  The purpose of this project is to inform the audience about the act of phishing. Phishing is when fake websites are created.
PHISHING By, Himanshu Mishra Parrag Mehta. OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques.

PHISHING By, Himanshu Mishra Parrag Mehta. OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques.
Phishing (pronounced “fishing”) is the process of sending e-mail messages to lure Internet users into revealing personal information such as credit card.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
Internet Phishing Not the kind of Fishing you are used to.

Internet Phishing Not the kind of Fishing you are used to.
October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.

October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.
Does Domain Highlighting Help People Identify Phishing Sites? Eric Lin, Saul Greenberg Eileah Trotter, David Ma & John Aycock University of Calgary.

Does Domain Highlighting Help People Identify Phishing Sites? Eric Lin, Saul Greenberg Eileah Trotter, David Ma & John Aycock University of Calgary.
1 Phishing the Open Net Lure 101 Zane Brys, Nicholas Bingell,and Omar Heniene.

1 Phishing the Open Net Lure 101 Zane Brys, Nicholas Bingell,and Omar Heniene.
URL Obscuring COEN 152/252 Computer Forensics  Thomas Schwarz, S.J. 2004.

URL Obscuring COEN 152/252 Computer Forensics  Thomas Schwarz, S.J

Similar presentations

Ads by Google