Newly Discovered URL Spoofing Trick Affects I.E. and Safari

The Internet Patrol default featured image
Share the knowledge

A newly discovered URL spoofing trick can affect anyone using I.E. versions up to and including 6.0.2800.1106, and Safari for Mac. (IE version 6.0.2900, Mozilla, and Firefox are not affected.)

The way that it works is that it allows the display of one URL, while when clicked, the user is actually taken to another site. While it does not mask the real URL of the landing site up in the address bar, if misused intentionally by malicious spoofers, particularly those phishing for information, an unwary user may not note the URL in the address bar, or catch minor differences in spelling.

Here is such a redirecting URL in practice:

http://www.amazon.com

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

Go ahead, click on it…

…it took you right back here, didn’t it? Even though it looked like you were going to go to Amazon’s website.

At present time it seems that the only choices for avoiding this spoof are either upgrading, switching browsers, or educating users. Of course, users should already know to never click a URL sent in spam, and should also be wary of sites not run by reputable companies.

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

6 thoughts on “Newly Discovered URL Spoofing Trick Affects I.E. and Safari

  1. One also has to be wary of java overlays that some sites use. this masks the url and then process the information in java code

  2. Yep…if you just hover the mouse over the link it will show the same as what is being displayed as the “true” link. Right clicking and selecting PROPERTIES will show the actual source link.

  3. As was noted by someone else, I had to right-click on the link – just hovering the mouse over it did not show the alternate address in IE 6. Right-clicking did reveal the “true” link.

  4. just place cursor over link &
    look at bottom left of screen & see if the 2 match
    if not don’t click it

  5. A newly discovered URL spoofing trick can affect anyone using I.E. versions up to and including 6.0.2800.1106, and Safari for Mac. (IE version 6.0.2900, Mozilla, and Firefox are not affected.) The way that it works is that it allows the…

  6. One way I saw is that if you right click on the link then it will display the real link in the lower left corner of the ie screen on version 6

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.