Spoofing, spoofs and spoof all describe a situation in which the environment around a potential scam victim (a person, computer or program) is successfully “masqueraded” as another. Once the false reality is accepted, the spoofer can get access to bank accounts or other sensitive information. “Phishing” is a known type of spoofing internet fraud.
Spoofs were originally, and still are, humorous, often satirical parodies of known art, films, famous persons and so on. The word “spoof” comes from a game involving trickery and nonsense invented by Arthur Roberts, an English comedian. (Examples are Spaceballs, a spoof of Star Wars, Star Trek and science fiction in general, or the recent Matrix spoof movie with Bill Gates acting as Morpheus on the opening night of the Comdex information technology trade show in Las Vegas; enjoy the picture below.)
Bill Gates as Morpheus
The trickery and exploding game of spoofing on the internet today isn’t always quite as funny!
So what is spoofing, and what does it have to do with phishing? Phishing is usually promoted through email spamming. However, to create an environment that inspires confidence in the phisher, spoofing is usually used to give the URL, the sender's address and the outgoing link a credible look. A look to get you to bite the hook!
Header forgery, as this kind of spoofing is often called, refers to the insertion of false or misleading information in email or netnews headers. Falsified headers are used to mislead the recipient, or network applications, as to the origin of a message. This is a common technique of phishers, spammers and sporgers, who wish to conceal the origin of their messages to avoid being tracked down and to complete the illusion. Less fraudulently, some netnews users place obviously false email addresses in their headers to avoid spam or other unwanted responses.
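A recipient-side check for the two cues described above, a sender address that does not match the other origin headers and a link whose visible text names a different host than it points to. This is an added example, not part of the original page; the sample message, its domains and the function names are constructed for illustration, and it assumes a single-part HTML message.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (assumption, not from the page); all names are made up.
SAMPLE = """\
From: "Example Bank" <support@bank.example>
Reply-To: helpdesk@mailer.invalid
Return-Path: <bounce@mailer.invalid>
Content-Type: text/html

<p>Please log in at <a href="http://login.mailer.invalid/bank">http://www.bank.example/login</a>
or read our <a href="http://www.bank.example/help">help page</a>.</p>
"""

def domain(addr):  # lower-cased domain of an address header value, '' if absent
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

class LinkAudit(HTMLParser):  # collects (visible text, href) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(raw):
    """Return findings for origin-header and link-text inconsistencies."""
    msg, findings = message_from_string(raw), []
    from_dom = domain(msg["From"])
    for hdr in ("Reply-To", "Return-Path"):
        d = domain(msg[hdr])
        if d and d != from_dom:
            findings.append(f"{hdr} domain {d} differs from From domain {from_dom}")
    parser = LinkAudit()
    parser.feed(msg.get_payload())
    for text, href in parser.links:
        shown, real = urlparse(text).hostname, urlparse(href).hostname
        if shown and shown != real:  # only links whose text is itself a URL
            findings.append(f"link shows {shown} but points to {real}")
    return findings
```

A mismatch is a reason to look closer, not proof of forgery: legitimate bulk mailers often use a different bounce domain, and the From header itself can be forged to match.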
Phishers have some common tricks that are usually used to get their victims to believe in the scam scheme:
The status line is a single line of text at the bottom of the browser window
that displays various messages, typically about the status of pending Web
transfers.
The phishing attack leaves two kinds of evidence on the status line. First,
when the mouse is held over a Web link, the status line displays the URL the
link points to. Thus, the victim might notice that a URL has been rewritten.
Second, when a page is being fetched, the status line briefly displays the
name of the server being contacted. Thus, the victim might notice that www.evilhacker.org
is displayed when some other name was expected.
The phisher can cover up both of these cues by adding a JavaScript program
to every rewritten page. Since JavaScript programs can write to the status
line, and since it is possible to bind JavaScript actions to the relevant
events, the attacker can arrange things so that the status line participates
in the con game, always showing the victim what would have been on the status
line in the real Web. This makes the spoofed context even more convincing.
The browser’s location line displays the URL of the page currently being
shown. The victim can also type a URL into the location line, sending the
browser to that URL. The attack as described so far causes a rewritten URL
to appear in the location line, giving the victim a possible indication that
an attack is in progress.
This clue can be hidden using JavaScript. A JavaScript program can hide the real location line and replace it by a fake location line that looks right and is in the expected place. The fake location line can show the URL the victim expects to see. The fake location line can also accept keyboard input, allowing the victim to type in URLs normally. The JavaScript program can rewrite typed-in URLs before they are accessed.
Popular browsers offer a menu item that allows the user to examine the HTML
source for the currently displayed page. A user could possibly look for rewritten
URLs in the HTML source, and could therefore spot the attack.
The attack can prevent this by using JavaScript to hide the browser’s
menu bar, replacing it with a menu bar that looks just like the original.
If the user chose “view document source” from the spoofed menu
bar, the attacker would open a new window to display the original (non-rewritten)
HTML source.
A related clue is available if the victim chooses the browser’s “view
document information” menu item. This will display information including
the document’s URL. As above, this clue can be spoofed by replacing
the browser’s menu bar. This leaves no remaining visible clues to give
away the attack.