URL Spoofing - An
Ounce Of PreventionHere's a really good tip from Me2 at CHC. This tip is made
very convenient if you use the "Links" tool bar in Internet Explorer. To
make sure you are using it just right click up on any open area up on the
top tool bar area of IE and choose "Links".
Website
- Tip
Quote from the website -
[InternetShortcut]
URL=javascript:alert(document.domain)
IconIndex=7
IconFile=\Program Files\Internet Explorer\Iexplore.exe
To save it, click File, Save As, type the filename
"What Site Is This.URL"
and click Save. The quotes are required to prevent Notepad adding .txt to the filename.
-- The Problem --
A large number of people have been (and continue to be) taken in by a rather nasty Web hack. They've been tricked into visiting an apparently legitimate but actually malicious site, where they've entered confidential information such as credit card numbers and expiry dates.
They were fooled because their browsers lied to them -- the address bar didn't show the real URL of the site. What was displayed was the URL of a duplicate page on the malicious site.
To see an example of one type of "URL spoofing", try the test at secunia.com. After clicking the link on the page, the address bar falsely claims that you're at microsoft.com. In this case, it's clear that you're not -- but a nasty site would've directed you to a page that looked just like the real thing.
A large number of people have been (and continue to be) taken in by a rather nasty Web hack. They've been tricked into visiting an apparently legitimate but actually malicious site, where they've entered confidential information such as credit card numbers and expiry dates.
They were fooled because their browsers lied to them -- the address bar didn't show the real URL of the site. What was displayed was the URL of a duplicate page on the malicious site.
To see an example of one type of "URL spoofing", try the test at secunia.com. After clicking the link on the page, the address bar falsely claims that you're at microsoft.com. In this case, it's clear that you're not -- but a nasty site would've directed you to a page that looked just like the real thing.
You can create the utility manually by pasting these lines into
Notepad --
[InternetShortcut]
URL=javascript:alert(document.domain)
IconIndex=7
IconFile=\Program Files\Internet Explorer\Iexplore.exe
To save it, click File, Save As, type the filename
"What Site Is This.URL"
and click Save. The quotes are required to prevent Notepad adding .txt to the filename.
Once you've created the URL link file just move it to your Links
folder: Easiest way to open Links -- Click Favorites (not the toolbar
button), and double-click the Links folder.
Another method -- Type javascript:alert(document.domain) in the address bar,
press Enter, and click OK. Drag the icon at the left of the address
bar to Links, and click Yes. In the Links list, right-click
alert(document and click Rename. Change to What site is this or
another suitable name.