Home > Security Channel Project Guides > Email Security Services > Email Security Products and Tools > Email Security Product Reviews > Freebie antiphishing tool verifies domain information
Project Guides: Email Security Services:
EMAIL THIS
 START   ENCRYPTION   EMAIL THREATS   WEBMAIL SECURITY   EMAIL COMPLIANCE   PRODUCTS & TOOLS   
Email Security Products and Tools


Email Security Product Reviews
<< PREVIOUS | NEXT >>: What is the best antivirus software to use when...
 TIPS & NEWSLETTERS TOPICS 

EXCHANGE SECURITY TIPS

Freebie antiphishing tool verifies domain information


Serdar Yegulalp
12.20.2005
Rating: -4.00- (out of 5)


Exchange Server tips, tutorials and expert advice
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


Please let others know how useful this tip is via the rating scale at the end of it. Do you have a useful Exchange or Outlook tip, timesaver or workaround to share? Submit it to our tip contest and you could win a prize.

Phishing is a variety of Internet-based scam where an unsuspecting victim is sent an official-looking e-mail professing to be from a popular Web site.

The e-mail usually contains a warning about the nature of a person's account with said site, and a "confirmation link," which leads the victim to a fake Web site (designed to look like the real thing), where they may be coerced into surrendering sensitive information, such as credit card numbers or bank accounts.

Because phishing relies on the gullibility of end users, rather than any technical weaknesses on their computers, it's classified as a social-engineering attack -- it's done by lying to and misdirecting people, not exploiting bugs.

One way phishing scammers hide their tracks is by obscuring the true domain name in a URL. This can be done by, among other things, using a string of subdomains. For instance, most people who see http://www.paypal.com.site21.com will not really notice the site21.com at the end; they'll just see the paypal.com part of the URL.

eBay and PayPal are the two of the most commonly spoofed authorities, and since their domain names are broadly recognized, the unsuspecting are easily fooled by tricks like this.

Security firm CoreStreet has created a free software tool called SpoofStick, a browser plug-in for both Internet Explorer and Firefox that helps defeat social-engineering attacks like phishing.

When installed, it adds a toolbar to your browser that tells you exactly what domain you're in. If you believe you're being sent to eBay when you click a link, SpoofStick will determine if you are in fact there or not -- without you having to decipher the URL manually.

SpoofStick can also see through International Domain Name exploits, where a domain name could be spoofed by using some international characters that look like ASCII characters.

One caveat: CoreStreet provides SpoofStick for as-is use only. It's free, but unsupported.

About the author: Serdar Yegulalp is editor of the Windows 2000 Power Users Newsletter.

Do you have comments on this tip? Let us know.
Related information from SearchExchange.com:

  • Learning Center: The spamfighter's toolbox
  • Chapter Download: Would the real sender please stand up?
  • Reference Center: Exchange Server security tips and resources


    Rate this Tip
    To rate tips, you must be a member of SearchExchange.com.
    Register now to start rating these tips. Log in if you are already a member.


    Submit a Tip




    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


    << PREVIOUS | NEXT >>: What is the best antivirus software to use when...
    VIEW ALL IN THIS CATEGORY


    RELATED CONTENT
    Exchange Security Tips
    How to install Forefront Security for Exchange Server
    Is full email encryption the solution to Exchange security?
    Lock down direct file access and protect OWA users
    Controlling spam in Exchange 2007 at the edge transport server level
    When to use a self-signed certificate with Exchange Server 2007
    Obtaining and verifying SSL certificates in Exchange Server
    How file-level antivirus software can harm your Exchange Server
    Understanding Exchange Server 2007 SP1 mobile security settings
    Which ActiveSync authentication method is best for your mobile device?
    Why you should secure Exchange 2007 using administrative policies

    Exchange Server Security
    OWA 'Loading' problems with Internet Explorer security zones
    New Exchange Server tools named as Products of the Year
    Beware of bare linefeeds in Exchange Server email
    Top 10 Exchange Server administration tips of 2006
    Enabling protocol logging for Exchange Server
    Eliminate annoying Microsoft Outlook security warnings with ClickYes Pro
    Forefront beta secures SharePoint collaboration
    Dell, Symantec simplify Secure Exchange for SMBs
    Tutorial: How to determine which ports Exchange Server is using
    Unsecured devices worry IT professionals
    Exchange Server Security Research

    Phishing and Email Fraud Protection
    Exchange 2007 out-of-office (OOF) feature adds usability and security
    Microsoft Outlook and Exchange Server 2003 Email Security Guide
    A Microsoft Outlook email security tutorial -- 8 tips in 8 minutes
    Microsoft Office 2007's native security and antiphishing tools
    New tools fight fraud and phishing
    Phishing protection primer
    Three ways phishers are hooking you
    Phishing: A whale of a problem for enterprises
    New phishing threat outpaces Netsky-P
    PhishTank casts its net for malicious email

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    greylist  (SearchExchange.com)
    Sender ID  (SearchExchange.com)
    Vouch by Reference (VBR)  (SearchExchange.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary

    DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



    • Email Server Solutions: Exchange 2007, Exchange 2003, Exchange 2000, SharePoint
    HomeNewsTopicsITKnowledge ExchangeTipsAsk the ExpertsMultimediaWhite PapersIT Downloads
    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    SEARCH 
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2004 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts