A SEMINAR

ON

WEB SPOOFING

PRESENTED BY: Nidhi Tiwari
1

WHAT IS SPOOFING
• An attacker alters his identity so that some one thinks he is some one else

2

TYPES OF SPOOFING
IP spoofing
Email spoofing Web spoofing

3

WEB SPOOFING
Is electronic con-game. In this way, an attacker may obtain confidential information.  They can also provide false or misleading information. They can even create a ‘shadow copy’ of the whole web to the victim

4

CONSEQUENCES
• Surveillance : The attacker can passively watch the traffic , recording which pages the victim visits and the contents of those pages . • Tampering : The attacker is also free to modify any of the data traveling in either direction between the victim and the Web .
5

SPOOFING THE WHOLE WEB??

6

HOW THE ATTACK WORKS

7

Assuming the attacker’s server is on the machine www.attacker.com. http://home.netscape.com http://www.attacker.com/http://hom e.netscape.com.

8

9

A RECENT INCIDENT
Attackers registered a domain named www.citi.com (as opposed to citibank.com) Sent emails to the bank’s customer asking them to connect to the new web site (by simply clicking on the link below) and reregistering by entering their account information (including password)
10

Imagine that the E-mail look like the example:-

Subject : Citicards E-mail Verification – yourname@anywhereonline.com
Dear Citi-bank User , This message was ssent by CitibankOnline serevr to veerify your e-mail adderss. You must cplomete this pscoers by clicking on the link below and enteering in the small window your Citi ATM full card Nummber and PiN that you use on ATM machine. That is done for your prtocetion because some of our members no longer have aceses to their email addresses and we must verify it. To veerify your email address and akcess your Citicard account click on the link beloow. If ntohing happens when u clik on the link copy and paste the link into the address bar of your window. http://www.citibank.com/?rL84oN1Nrvp5c7HRbtZ4UbO95WaKqXAUJIY --------------------------------------------------------------------------------Thank you for using Citibank – Online! ---------------------------------------------------------------------------------11

12

HOW TO RECOGNIZE SPOOFED WEB SITES
 verify the security certificate. In Internet Explorer checking the yellow lock icon on the status bar.

13

SECURE SITE LOCK ICON
 Double-click the lock icon to display the security certificate for the site. When you check the certificate, the name following Issued to should match the site you think you are on. If the name differs, you may be on a spoofed site.

14

Thank you!
15

Sign up to vote on this title
UsefulNot useful