DIR Return Create A Forum - Home
---------------------------------------------------------
gworld
HTML https://gworld.createaforum.com
---------------------------------------------------------
*****************************************************
DIR Return to: MUST KNOW
*****************************************************
#Post#: 330--------------------------------------------------
ADDRESS SPOOFING
By: eba95 Date: August 5, 2010, 6:48 am
---------------------------------------------------------
Address Spoofing
The more complex a
Web browser or e-
mail client is, the
more loopholes and
weaknesses phishers
can find. This means
that phishers add to
their bags of tricks as
programs get more
sophisticated. For
example, as spam
and phishing filters
become more
effective, phishers get
better at sneaking
past them.
The most common
trick is address
spoofing. Many e-mail
programs allow users
to enter their desired
information into the
"From" and "Reply-to" fields. While
convenient for people who use
multiple e-mail address, this makes
it easy for phishers to create
messages that look like they came
from a legitimate source. Some e-
mail servers also allow computers to
connect to the simple mail transfer
protocol (SMTP) port without the use
of a password. This allows phishers
to connect directly to the e-mail
server and instruct it to send
messages to victims.
Other tricks include:
Obfuscated links. These URLs look
real but direct the victim to the
phisher's Web site. Some
obfuscation techniques include:
Using misspelled versions of the
spoofed company's URL or using
international domain name (IDN)
registration to re-create the target
URL using characters from other
alphabets.
Including the targeted company's
name within an URL that uses
another domain name.
Using alternate formats, like
hexadecimal, to represent the URL.
Incorporating instructions for
redirection into an otherwise
legitimate URL.
*****************************************************