Tip

Freebie antiphishing tool verifies domain information

Please let others know how useful this tip is via the rating scale at the end of it. Do you have a useful Exchange or Outlook tip, timesaver or workaround to share? Submit it to our tip contest and you could win

    Requires Free Membership to View

    Login

a prize.

Phishing is a variety of Internet-based scam where an unsuspecting victim is sent an official-looking e-mail professing to be from a popular Web site.

The e-mail usually contains a warning about the nature of a person's account with said site, and a "confirmation link," which leads the victim to a fake Web site (designed to look like the real thing), where they may be coerced into surrendering sensitive information, such as credit card numbers or bank accounts.

Because phishing relies on the gullibility of end users, rather than any technical weaknesses on their computers, it's classified as a social-engineering attack -- it's done by lying to and misdirecting people, not exploiting bugs.

One way phishing scammers hide their tracks is by obscuring the true domain name in a URL. This can be done by, among other things, using a string of subdomains. For instance, most people who see http://www.paypal.com.site21.com will not really notice the site21.com at the end; they'll just see the paypal.com part of the URL.

eBay and PayPal are the two of the most commonly spoofed authorities, and since their domain names are broadly recognized, the unsuspecting are easily fooled by tricks like this.

Security firm CoreStreet has created a free software tool called SpoofStick, a browser plug-in for both Internet Explorer and Firefox that helps defeat social-engineering attacks like phishing.

When installed, it adds a toolbar to your browser that tells you exactly what domain you're in. If you believe you're being sent to eBay when you click a link, SpoofStick will determine if you are in fact there or not -- without you having to decipher the URL manually.

SpoofStick can also see through International Domain Name exploits, where a domain name could be spoofed by using some international characters that look like ASCII characters.

One caveat: CoreStreet provides SpoofStick for as-is use only. It's free, but unsupported.

About the author: Serdar Yegulalp is editor of the Windows 2000 Power Users Newsletter.

Do you have comments on this tip? Let us know.
Related information from SearchExchange.com:

  • Learning Center: The spamfighter's toolbox
  • Chapter Download: Would the real sender please stand up?
  • Reference Center: Exchange Server security tips and resources


    This was first published in December 2005

    • Join the conversationComment

    Share
    Comments

      Results

      Contribute to the conversation

      All fields are required. Comments will appear at the bottom of the article.

      Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

      Back to top