Help for presentation on phishing

[rudy45]

I am preparing a presentation on phishing, for my computer law class. I will have them create a hyperlink that apparently goes to a "real" site (e.g. www.realsite.com), but actually goes to a second site (e.g. www.fakesite.com).

Question: am I correct that there's a way that www.fakesite.com can "mask" its own URL, and tell the browser instead (falsely) that it's at the "real" site? Is there html that does it? I'd like to be able to explain that concept and how it's done, and appreciate any help. Thanks.

[Always Right]

Website spoofing

From Wikipedia, the free encyclopedia

 

Jump to: navigation, search

Website spoofing is the act of creating a website, as a hoax, with the intention of misleading readers that the website has been created by a different person or organisation. Normally, the website will adopt the design of the target website and sometimes has a similar URL.^[1]

Another technique is to use a 'cloaked' URL. By using domain forwarding, or inserting control characters, the URL can appear to be genuine while concealing the address of the actual website.^[2]

The objective may be fraudulent, often associated with phishing or e-mail spoofing, or to criticize or make fun of the person or body whose website the spoofed site purports to represent.^[3]

As an example of the use of this technique to parody an organization, in November 2006 two spoof websites were produced claiming that Microsoft had bought Firefox and released Microsoft Firefox 2007.^[4]

[Nat Turner]

There are lots of ways to do this but the most common are DNS poisoning, cross site scripting XSS, and java based attacts. If you were to google "internet security and phishing" you will get deluged in information

[HuntsvilleTxVeteran]

So you want to teach people how to phish?

[rudy45]

lol yes and no. I don't want them to phish of course, but I DO want them to be familiar with the techniques that phishers use. By analogy, I would love people to know how to shoot, but it's so they can DEFEND themselves, not so they commit a crime.

[Hegemony Cricket]

Yep. He wants to become a Phish Philospher! LOL!

[HuntsvilleTxVeteran]

I shot an error into the air.
It is still going everywhere!


ANON

[tacticalogic]

"Phishing" typically involves obfucating the acutal target in a url.

"Pharming" is the process of redirecting people to a fake site, usually via manipulation of DNS resolution.

[Hegemony Cricket]

You're one up on me, man. I shot an arrow in the air,


and missed! ;-)

[HuntsvilleTxVeteran]

http://www.techworld.com/security/news/index.cfm?newsid=7804

According to the company, which monitors the incidence of phishing sites through its browser toolbar, the total number of sites rose from 41,000 in 2005 to 609,000 in 2006. Of this, a staggering 277,000 unique URLs were detected in December alone, with 457,000 cumulatively in the last three months of the year.

Netcraft’s explanation for the sudden surge is the emergence of phishing-creation kits known collectively as "Rockfish" (or "R11"), which automate the rapid creation of scam websites. These allow sophisticated domain management, including webs of sub-domains, as part of the battle to overwhelm anti-phishing systems with vast numbers of short-lived sites that are impossible to keep tabs on or block.