
PRESENTED BY:

WHAT IS SPOOFING?
Spoofing means pretending to be something you are not.

WEB SPOOFING
Online fraud: the attacker creates a shadow copy of the entire World Wide Web in order to obtain personal information about the user, such as passwords or account numbers.

What is Web Spoofing


Pretending to be a legitimate site
Attacker creates a convincing but false copy of the site
Stealing personal information such as login ID, password, credit card, bank account, and much more
aka Phishing attack
The false Web looks and feels like the real one
Attacker controls the false Web (surveillance)
Modifying the integrity of the data coming from the victims

STARTING THE ATTACK


The attacker must somehow lure the victim into the attacker's false Web. An attacker could put a link to the false Web onto a popular Web page. If the victim is using Web-enabled email, the attacker could email the victim a pointer to the false Web.

Have you ever received an e-mail that looked like this?


From: Bank of America
To: John Doe
Subject: Your Online Banking Account is Inactive

Your Online Banking Account is Innactive
We closed your online access for security reasons.

Click here to access your account
We must verify your account information.
Bank of America, N.A. Member FDIC. Equal Housing Lender 2004 Bank of America Corporation. All rights reserved.

CONSEQUENCES
Surveillance: the attacker can passively watch the traffic, recording which pages the victim visits and the contents of those pages. (This allows the attacker to observe any account numbers or passwords the victim enters.)
Tampering: the attacker can modify any of the data traveling in either direction between the victim and the Web. (For example, the attacker could change the product number, quantity or ship-to address of an order.)

HOW DOES THE ATTACK WORK?


URL REWRITING
FORMS
SECURE CONNECTION

The attacker's first trick is to rewrite all of the URLs on some Web page so that they point to the attacker's server rather than the real server. Assuming the attacker's server is on the machine www.attacker.org, the attacker rewrites a URL by adding http://www.attacker.org to the front of the URL. For example, http://home.netscape.com becomes http://www.attacker.org/http://home.netscape.com. Once the attacker's server has fetched the real document needed to satisfy the request, the attacker rewrites all of the URLs in the document into the same special form. Then the attacker's server provides the rewritten page to the victim's browser. If the victim follows a link on the new page, the victim remains trapped in the attacker's false Web.

URL Rewriting (continued)

Forms
When the victim submits a form, the submitted data goes to the attacker's server. The attacker's server can observe and even modify the submitted data, doing whatever malicious editing it desires, before passing it on to the real server.

Secure Connections
The victim's browser says it has a secure connection because it does have one. Unfortunately, the secure connection is to www.attacker.org and not to the place the victim thinks it is. The victim's browser thinks everything is fine: it was told to access a URL at www.attacker.org, and that is where the connection goes. The secure connection indicator only gives the victim a false sense of security.

Signs that you may have been a victim


If an unexpected error occurs, you may be a victim of web spoofing (sorry). (This relates to Dr. Burmester's example of the fake ATMs.)
If you have to click submit buttons repeatedly. (class example)
If you have to enter your password repeatedly. (class example)
If there is any redirection to other webpages.

How to detect a spoofed webpage


URL (this is the easiest way to detect the attack!)
Triple check the spelling of the URL.
Look for small differences such as a hyphen (-) or an underscore (e.g. suntrust.com vs. suntrust.com).

Mouse-over message (careful: this can be spoofed too!)
Beware of pages that use server-side scripting such as PHP; these tools make it easy to obtain your information.
Beware of JavaScript as well.
Beware of longer than average load times.

Don't take anything for granted.
Do not click on links you receive in an e-mail message asking for sensitive personal, financial or account information.
Call the company directly to confirm requests for updating or verifying personal or account information.
Do not share your IDs or pass codes with anyone.
Look for secure connections on Web sites.
Always sign off Web sites or secure areas of Web sites.
When your computer is not in use, shut it down or disconnect it from the Internet.

Disable JavaScript in your browser so the attacker will be unable to hide the evidence of the attack;
make sure your browser's location line is always visible;

pay attention to the URLs displayed on your browser's location line, making sure they always point to the server you think you're connected to.
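As an added example (not part of the original slides), a small Python check a defender or educator can run over a page's links to spot the two symptoms described above: an href in the rewritten form http://www.attacker.org/http://real-site/, and a link whose visible text names a different host than its real target. The sample HTML and the host www.example-bank.com are constructed for the demonstration; www.attacker.org and home.netscape.com are the names used in the slides.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page (not real sites): an honest link, a link in the rewritten
# "http://www.attacker.org/http://..." form, and a link whose text hides its real host.
SAMPLE_HTML = """
<a href="https://www.example-bank.com/login">Example Bank login</a>
<a href="http://www.attacker.org/http://home.netscape.com/">http://home.netscape.com/</a>
<a href="https://www.attacker.org/account">https://www.example-bank.com/account</a>
"""

def nested_url(href):
    """Embedded URL when href is scheme://proxyhost/http(s)://realhost/..., else None."""
    inner = urlsplit(href).path.lstrip("/")
    ok = inner.startswith(("http://", "https://")) and urlsplit(inner).netloc
    return inner if ok else None

def displayed_host(text):
    """Host named in the visible link text, if that text is itself a URL."""
    text = text.strip()
    return urlsplit(text).netloc.lower() if text.startswith(("http://", "https://")) else None

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []   # links: (href, visible text)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def audit_links(html):
    """Return (href, reason) for every link that shows a web-spoofing symptom."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real_host = urlsplit(href).netloc.lower()
        inner = nested_url(href)
        if inner:
            findings.append((href, "rewritten: %s is fetched through %s" % (inner, real_host)))
        elif displayed_host(text) not in (None, real_host):
            findings.append((href, "text names %s but target is %s" % (displayed_host(text), real_host)))
    return findings
```

Running audit_links(SAMPLE_HTML) flags the second and third links and leaves the honest first link alone; the same check applies to the URL shown in the browser's location line.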

CONCLUSION
No doubt we are living in the 21st century and the Internet has become a necessity. Although there are many secure connections on the Web, it is still not guaranteed that our personal data is secure. A small mistake can cause a big pain.
