
Take Steps to Avoid Getting Tricked by Spoof Websites

Dec 16, 2003 1:34AM PST

During the hectic holiday season, many shoppers rely on the convenience and speed of shopping online. If you're among them, be sure to use the same level of caution on the Web that you would use at a crowded mall or gift shop. Otherwise you could be taken advantage of by malicious individuals. And unfortunately this year, the holiday shopping season is coinciding with a rise in spoofing on the Web.

In a spoofing attack, you can be misled into visiting a malicious website. The site typically tries to trick you into taking some type of unsafe action. These attacks are becoming more common and are hard to detect, so all shoppers need to be cautious about the websites they visit and the actions they take.

What Can Happen and How to Avoid It

http://www.microsoft.com/security/incident/spoof.asp

Steps that you can take to help identify and to help protect yourself from deceptive (spoofed) Web sites

SUMMARY

When you point to a hyperlink in Microsoft Internet Explorer, Microsoft Outlook Express, or Microsoft Outlook, the address of the Web site typically appears in the Status bar. After you click a link that opens in Internet Explorer, the address of the Web site typically appears in the Internet Explorer Address bar, and the title of the Web page typically appears in the Title bar.

However, a malicious user could create a link to a deceptive (spoofed) Web site that displays the address, or URL, of a legitimate Web site in the Status bar, Address bar, and Title bar. This article describes steps that you can take to help mitigate this issue and to help you identify a deceptive (spoofed) Web site or URL.

To help identify the URL for a link

To help identify the URL for a link in Internet Explorer:

* Right-click the link, and then click Copy Shortcut.
* Click Start, and then click Run.
* Type notepad, and then click OK.
* On the Edit menu in Notepad, click Paste.

This lets you see the full URL for any hyperlink. You can examine the hyperlink address that Internet Explorer will use. If the URL contains any one of the following characters, the URL might lead to a spoofed Web site:

* %00
* %01
* @


To help identify the URL of a Web page

To help identify the URL of the Web page you are currently viewing in Internet Explorer, use one of the following methods:

Method 1

Use a JScript command in Internet Explorer. In the Address bar, type the following command, and then press ENTER:

javascript:alert("Actual URL address: " + location.protocol + "//" + location.hostname + "/");

The JScript message box shows the actual URL Web address for the Web site that you are visiting.

You can also copy the following JScript code and paste it in the Address bar for a more verbose description of the Web site URL:

javascript:alert("The real URL is: " + location.protocol + "//" + location.hostname + "/" + "\nThe address URL is: " + location.href + "\n" + "If the server names do not match, this may be a spoof.");

Method 2

In the scenarios that Microsoft has tested, you can also use the History Explorer Bar in Internet Explorer to help identify the URL of a Web page. On the View menu, point to Explorer Bar, and then click History. Compare the URL in the Address bar with the URL that appears in the History bar. If they do not match, the Web site is likely misrepresenting itself and you may want to leave the site by typing a new URL or exiting Internet Explorer.

More at http://support.microsoft.com/?kbid=833786
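
The paste-and-inspect check described above (look for %00, %01 or @ in the copied link), as an added example that is not part of the original post or the Microsoft article. It goes slightly beyond the character check by also reporting the host that a URL parser resolves and any text sitting before "@" in the server part of the address. The function names `inspectLink` and `describe` are hypothetical, the sample URLs are constructed, and the code assumes the standard `URL` class found in Node.js and current browsers.

```javascript
// Added example, not from the original article. All URLs below are constructed.
const MARKERS = ["%00", "%01", "@"]; // the three strings the article lists

function inspectLink(rawUrl) {
  // The article's check: does the pasted text contain any listed marker?
  const markers = MARKERS.filter((m) => rawUrl.includes(m));
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    // Unparseable input is flagged rather than silently passed.
    return { markers, flagged: true, userinfo: null, host: null };
  }
  // Text before "@" in the server part is userinfo (a login name), never the
  // server itself. It is the part that can be made to look like a known site.
  let userinfo = null;
  if (url.username || url.password) {
    userinfo = url.password ? `${url.username}:${url.password}` : url.username;
  }
  const flagged = markers.length > 0 || userinfo !== null;
  return { markers, flagged, userinfo, host: url.hostname };
}

function describe(rawUrl) {
  const r = inspectLink(rawUrl);
  if (r.host === null) return `${rawUrl}\n  could not be parsed; treat as unsafe`;
  const lines = [`${rawUrl}`, `  server contacted: ${r.host}`];
  if (r.userinfo !== null) lines.push(`  text before "@" (not the server): ${r.userinfo}`);
  lines.push(r.flagged
    ? `  flagged, contains: ${r.markers.join(" ")}`
    : "  none of the listed markers present");
  return lines.join("\n");
}

// Constructed samples: 192.0.2.10 is a documentation-only address.
const SAMPLES = [
  "http://www.example.com%01@192.0.2.10/login.htm", // familiar name is only userinfo
  "https://www.example.com/cart?item=42",           // ordinary link
  "https://www.example.com/contact?mail=me@example.net", // "@" in the query only
];
for (const s of SAMPLES) console.log(describe(s) + "\n");
```

In the third sample the "@" is flagged by the character check, but the empty userinfo shows it sits in the query string and the server contacted is still the one displayed.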
