Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Freebie antiphishing tool verifies domain information

SpoofStick is a free browser toolbar that helps defeat phishing scams by telling users exactly what domain they're in at any given time.

Please let others know how useful this tip is via the rating scale at the end of it. Do you have a useful Exchange or Outlook tip, timesaver or workaround to share? Submit it to our tip contest and you could win a prize.

Phishing is a variety of Internet-based scam where an unsuspecting victim is sent an official-looking e-mail professing to be from a popular Web site.

The e-mail usually contains a warning about the nature of a person's account with said site, and a "confirmation link," which leads the victim to a fake Web site (designed to look like the real thing), where they may be coerced into surrendering sensitive information, such as credit card numbers or bank accounts.

Because phishing relies on the gullibility of end users, rather than any technical weaknesses on their computers, it's classified as a social-engineering attack -- it's done by lying to and misdirecting people, not exploiting bugs.

One way phishing scammers hide their tracks is by obscuring the true domain name in a URL. This can be done by, among other things, using a string of subdomains. For instance, most people who see http://www.paypal.com.site21.com will not really notice the site21.com at the end; they'll just see the paypal.com part of the URL.

eBay and PayPal are the two of the most commonly spoofed authorities, and since their domain names are broadly recognized, the unsuspecting are easily fooled by tricks like this.

Security firm CoreStreet has created a free software tool called SpoofStick, a browser plug-in for both Internet Explorer and Firefox that helps defeat social-engineering attacks like phishing.

When installed, it adds a toolbar to your browser that tells you exactly what domain you're in. If you believe you're being sent to eBay when you click a link, SpoofStick will determine if you are in fact there or not -- without you having to decipher the URL manually.

SpoofStick can also see through International Domain Name exploits, where a domain name could be spoofed by using some international characters that look like ASCII characters.

One caveat: CoreStreet provides SpoofStick for as-is use only. It's free, but unsupported.

About the author: Serdar Yegulalp is editor of the Windows 2000 Power Users Newsletter.

Do you have comments on this tip? Let us know.
Related information from SearchExchange.com:

  • Learning Center: The spamfighter's toolbox
  • Chapter Download: Would the real sender please stand up?
  • Reference Center: Exchange Server security tips and resources

  • Dig Deeper on Exchange Server setup and troubleshooting

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.