Newly Discovered URL Spoofing Trick Affects I.E. and Safari 11/1/2004 - 1,749 views, 6 Comments
|
Previous Article « Coming to an ATM Near You: the Blue Screen of Death
Read Next Article » Court Says ISPs Must Advise Customers Before Providing Their Information to Third Parties Under Subpoena
A newly discovered URL spoofing trick can affect anyone using I.E. versions up to and including 6.0.2800.1106, and Safari for Mac. (IE version 6.0.2900, Mozilla, and Firefox are not affected.) The way that it works is that it allows the display of one URL, while when clicked, the user is actually taken to another site. While it does not mask the real URL of the landing site up in the address bar, if misused intentionally by malicious spoofers, particularly those phishing for information, an unwary user may not note the URL in the address bar, or catch minor differences in spelling. Here is such a redirecting URL in practice: Go ahead, click on it… …it took you right back here, didn’t it? Even though it looked like you were going to go to Amazon’s website. At present time it seems that the only choices for avoiding this spoof are either upgrading, switching browsers, or educating users. Of course, users should already know to never click a URL sent in spam, and should also be wary of sites not run by reputable companies.
http://www.amazon.com
Previous Article « Coming to an ATM Near You: the Blue Screen of Death
Read Next Article » Court Says ISPs Must Advise Customers Before Providing Their Information to Third Parties Under Subpoena
|
|
Email the link for this page to a friend! |
Read more:
» Has Safari Suddenly Appeared on Your Windows XP or Windows Vista Machine? Surprise!
» Apple Releases New Batch of Patches, Fixes International Domain Names Phishing Flaw in Safari
» Windows Media and Outlook Express Both at High Risk
For additional similar stories check out our archives on Everything Else
A newly discovered URL spoofing trick can affect anyone using I.E. versions up to and including 6.0.2800.1106, and Safari for Mac. (IE version 6.0.2900, Mozilla, and Firefox are not affected.) The way that it works is that it allows the…
Comment by Lockergnome's IT Professionals — 11/1/2004 @ 11:27 pm
One way I saw is that if you right click on the link then it will display the real link in the lower left corner of the ie screen on version 6
Comment by Marcos — 11/2/2004 @ 5:28 am
just place cursor over link &
look at bottom left of screen & see if the 2 match
if not don’t click it
Comment by ken — 11/2/2004 @ 2:18 pm
As was noted by someone else, I had to right-click on the link - just hovering the mouse over it did not show the alternate address in IE 6. Right-clicking did reveal the “true” link.
Comment by AnniM — 11/2/2004 @ 9:54 pm
Yep…if you just hover the mouse over the link it will show the same as what is being displayed as the “true” link. Right clicking and selecting PROPERTIES will show the actual source link.
Comment by Chris — 11/3/2004 @ 2:45 am
One also has to be wary of java overlays that some sites use. this masks the url and then process the information in java code
Comment by Fifty — 8/23/2007 @ 2:42 pm