A newly discovered URL spoofing trick can affect anyone using I.E. versions up to and including 6.0.2800.1106, and Safari for Mac. (IE version 6.0.2900, Mozilla, and Firefox are not affected.)
The way that it works is that it allows the display of one URL, while when clicked, the user is actually taken to another site. While it does not mask the real URL of the landing site up in the address bar, if misused intentionally by malicious spoofers, particularly those phishing for information, an unwary user may not note the URL in the address bar, or catch minor differences in spelling.
Here is such a redirecting URL in practice:
http://www.amazon.com |
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
Go ahead, click on it…
…it took you right back here, didn’t it? Even though it looked like you were going to go to Amazon’s website.
At present time it seems that the only choices for avoiding this spoof are either upgrading, switching browsers, or educating users. Of course, users should already know to never click a URL sent in spam, and should also be wary of sites not run by reputable companies.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
One also has to be wary of java overlays that some sites use. this masks the url and then process the information in java code
Yep…if you just hover the mouse over the link it will show the same as what is being displayed as the “true” link. Right clicking and selecting PROPERTIES will show the actual source link.
As was noted by someone else, I had to right-click on the link – just hovering the mouse over it did not show the alternate address in IE 6. Right-clicking did reveal the “true” link.
just place cursor over link &
look at bottom left of screen & see if the 2 match
if not don’t click it
A newly discovered URL spoofing trick can affect anyone using I.E. versions up to and including 6.0.2800.1106, and Safari for Mac. (IE version 6.0.2900, Mozilla, and Firefox are not affected.) The way that it works is that it allows the…
One way I saw is that if you right click on the link then it will display the real link in the lower left corner of the ie screen on version 6