We all know what spamming is. Indeed, it would be a safe bet that, like most people throughout the world, you yourself had to deal with your own share of inbox cleaning today, with the sole purpose of weeding out unwanted spam emails. And in spite of more and more specific filtering solutions, and in spite of our best efforts to get rid of these unruly intrusions into our private life, every day yet more spam emails find their way into our inboxes…
The other day, I gave a presentation to a small audience of webmasters. When I asked them if they knew what email spamming was, I wasn’t surprised to see that just about everybody raised their hands. Everybody knows what email spamming is. But when it comes to website spoofing, the reality is different, and too many people, even professional webmasters, don’t really know what it is. And it was the case with my own group of webmasters.
If you’re lucky, website spoofing can just be an annoyance. If you are not lucky, you or your business could be set for a bumpy ride.
So what is website spoofing?
Here is what Wikipedia – Web Spoofing has to say about this:
Website spoofing is the act of creating a website, as a hoax, with the intention of misleading readers that the website has been created by a different person or organization. Normally, the spoof website will adopt the design of the target website and sometimes has a similar URL. A more sophisticated attack results in an attacker creating a “shadow copy” of the World Wide Web by having all of the victim’s traffic go through the attacker’s machine, causing the attacker to obtain the victim’s sensitive information.
There are all kinds of methods to trick a visitor into visiting a website that looks familiar, with the sole purpose of abusing that visitor’s trust, and spoofing is a real problem that costs billions of dollars to legitimate companies out there.
The easiest method is to misspell a name. For example, type michaeljackson.com in your address bar, and the site that comes up seems like it is the real thing. HOWEVER, if you remove the letter K and type (DO NOT, IT’S A SPOOFING SITE) michaeljacson.com (without the K), you would get sent to something that has nothing to do with the website you thought you were visiting. This example illustrates the most rudimentary type of spoofing; other methods are in fact a whole lot more pernicious.
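A defender can catch the misspelled-name trick described above by comparing hostnames seen in proxy or DNS logs against the domains they want to protect. The Python below is an added example, not part of the original post; the function names, the distance threshold of 2 and the sample hostnames are assumptions made for illustration.

```python
# Added example: flag hostnames that are near-misses of domains you protect.
PROTECTED = ["michaeljackson.com"]  # domain taken from the article's example

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each costing 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1,         # deletion
                         cur[j - 1] + 1,      # insertion
                         prev[j - 1] + cost)  # substitution or match
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # transposition
        prev2, prev = prev, cur
    return prev[len(b)]

def normalize(host: str) -> str:
    """Lower-case, strip a trailing dot and a leading 'www.' label."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def find_lookalikes(hosts, protected=PROTECTED, max_distance=2):
    """Return (host, protected_domain, distance) for near-misses.
    Exact matches (distance 0) are the real site and are skipped."""
    hits = []
    for raw in hosts:
        host = normalize(raw)
        for target in protected:
            d = osa_distance(host, target)
            if 0 < d <= max_distance:
                hits.append((host, target, d))
    return hits

# Constructed sample input, standing in for hostnames from proxy or DNS logs.
SAMPLE_HOSTS = [
    "www.michaeljackson.com",  # the real site: distance 0, not reported
    "michaeljacson.com",       # dropped letter, as in the article
    "michaeljakcson.com",      # constructed: two adjacent letters swapped
    "example.org",             # unrelated
]

if __name__ == "__main__":
    for host, target, d in find_lookalikes(SAMPLE_HOSTS):
        print(f"{host} looks like {target} (edit distance {d})")
```

A low threshold keeps false positives down for long names; short brand names need a threshold of 1 or an allow-list of known-good neighbours.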
People use spoofing for all kinds of nefarious purposes and in most cases, they can cause real damage to the innocent visitor.
Want to know what else these spoofing gangsters get up to?
IP Spoofing. This simply means that attackers can often disguise the identity of the sending or receiving host by taking advantage of a lack of accountability in the TCP/IP suite protocols. A good way to defend yourself against such attacks is by using a quality firewall.
Referrer Spoofing… by which incorrect referrer information is sent in the HTTP request in order to prevent a website from obtaining the identity of the webpage previously visited by the user.
Then there are caller ID spoofing, GPS spoofing, and e-mail address spoofing (the use of someone else’s email address as the sender when sending spam emails to others). I often receive spam emails which look like they have come from my own personal email address, when of course they haven’t.
It’s the wild, wild west out there in the online world.