Newly Discovered URL Spoofing Trick Affects I.E. and Safari - 2,507 Views, 6 Comments
|
Previous Article « Coming to an ATM Near You: the Blue Screen of Death
Read Next Article » Court Says ISPs Must Advise Customers Before Providing Their Information to Third Parties Under Subpoena
A newly discovered URL spoofing trick can affect anyone using I.E. versions up to and including 6.0.2800.1106, and Safari for Mac. (IE version 6.0.2900, Mozilla, and Firefox are not affected.) The way that it works is that it allows the display of one URL, while when clicked, the user is actually taken to another site. While it does not mask the real URL of the landing site up in the address bar, if misused intentionally by malicious spoofers, particularly those phishing for information, an unwary user may not note the URL in the address bar, or catch minor differences in spelling. Here is such a redirecting URL in practice: Go ahead, click on it… …it took you right back here, didn’t it? Even though it looked like you were going to go to Amazon’s website. At present time it seems that the only choices for avoiding this spoof are either upgrading, switching browsers, or educating users. Of course, users should already know to never click a URL sent in spam, and should also be wary of sites not run by reputable companies.
Follow Anne on Twitter
http://www.amazon.com
Newly Discovered URL Spoofing Trick Affects I.E. and Safari
Twitter Explained in Plain English
Previous Article « Coming to an ATM Near You: the Blue Screen of Death
Read Next Article » Court Says ISPs Must Advise Customers Before Providing Their Information to Third Parties Under Subpoena
Read more:
» Has Safari Suddenly Appeared on Your Windows XP or Windows Vista Machine? Surprise!
» New Free Pop-Up Blocker for a New Breed of Pop-Ups
» Apple Releases New Batch of Patches, Fixes International Domain Names Phishing Flaw in Safari
For additional similar stories check out our archives on Everything Else
NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.
A newly discovered URL spoofing trick can affect anyone using I.E. versions up to and including 6.0.2800.1106, and Safari for Mac. (IE version 6.0.2900, Mozilla, and Firefox are not affected.) The way that it works is that it allows the…
Comment by Lockergnome's IT Professionals — 11/1/2004 @ 11:27 pm
One way I saw is that if you right click on the link then it will display the real link in the lower left corner of the ie screen on version 6
Comment by Marcos — 11/2/2004 @ 5:28 am
just place cursor over link &
look at bottom left of screen & see if the 2 match
if not don’t click it
Comment by ken — 11/2/2004 @ 2:18 pm
As was noted by someone else, I had to right-click on the link - just hovering the mouse over it did not show the alternate address in IE 6. Right-clicking did reveal the “true” link.
Comment by AnniM — 11/2/2004 @ 9:54 pm
Yep…if you just hover the mouse over the link it will show the same as what is being displayed as the “true” link. Right clicking and selecting PROPERTIES will show the actual source link.
Comment by Chris — 11/3/2004 @ 2:45 am
One also has to be wary of java overlays that some sites use. this masks the url and then process the information in java code
Comment by Fifty — 8/23/2007 @ 2:42 pm