Website spoofing is one of the deceptive snare used by cyber criminals for phishing. Internet is still a highly vulnerable place for transactions. Cyber-criminals keep finding different ways to exploit a user online. The only way to survive them is through conventional awareness and credible preventive measures.

What are Spoofed Websites?
A spoofed website is usually a replica of a legitimate website. Almost all the features of this site replicate the existing legitimate site including logos, fonts, colors, structure, etc. In few cases, even the URL of the spoofed site is almost close to the URL of the legitimate site so that it is easier for them to trick its visitor.

Techniques used in spoofing:

  • URL Redirection: URL redirection is possible through web programming to refer a URL to another URL. Many big companies like Google, Microsoft, etc., use them for legitimate business purposes. However, this has become a phishing tool for cyber criminals.They use a legitimate looking URL (www.domain.com, for example). However, when a visitor tries to visit the site, it actually redirects him to a spoofed site (www.phisher.com). It is possible for the user to identify redirecting URLs by monitoring location bar of his browser.
  • URL Cloaking: A legitimate looking URL is used to mask the URL of a spoofed site, by using ‘@’ symbol. Using @ symbol was originally intended as a way to include a username and password in the URL. When a user tries to open the legitimate looking URL, www.bank-domain.com@phisher.com, for example, it actually redirects him to the phishing site www.phisher.com, rather than www.bank-domain.com.
  • URL Masking: A illegitmate / phishing site is concealed behind the text of URL of a legitimate site. Web programming has enough attributes to support masking of a URL easily.A user gets an email from phisher containing a link to a legitimate site (www.domain.com, for example). However, the link is the mask of a spoofed site (www.phisher.com). The deception actually happens in the status bar of the browser. When you hover mouse over a link the status bar should show where the link will guide you to. The deceptive link is so well hidden that the user cannot find it even in the status bar on hovering mouse over the link. This is generally done using javascript.
  • Typo Scamming: Typos are inevitable when you are typing out on your keyboard. Cyber criminals use this as an advantage and register web addresses that resemble the name of a popular and legitimate site. These URLs are slightly differentiated by adding, excluding, or rearranging letters.For example, web address of a legitimate site www.bankm.com is differentiated as
    • www.banmk.com
    • www.bakm.com
    • www.bankm-online.com

Why beware of spoofed sites?
Spoofed websites are actual sources of phishing. The main job of the phisher is to convince the visitor that his spoofed site is legitimate. From then on it is the visitor who will be submitting his information to the phisher, unknowingly though. It can be his bank username and password, or any such information that is of economical value.

Cyber criminals also use spoofed websites to deploy malware into the visitors PC thus making it as a part of their botnet.

Precautions to take to avoid being a victim of spoofed sites

  • Avoid using sites that do not have SSL/TLS certificate while you are banking, buying, selling, transferring money or using credit/debit cards online.
  • Make it a habit of checking the SSL/TLS validity every time you visit a site before making financial transactions, by clicking on the lock icon.
  • Never click a hyperlink to get to a website for financial transaction unless you are CERTAIN that it is a legitimate link.
  • Just type out the URL yourself, use credible search engine results or copy paste it from your records.
  • Do not use same username / password for all your online logins.


Also read on Email Spoofing.

Comments are closed.