Spoofing
Today, I received an email that appeared to be from Ebay. As most of you know, I use Thunderbird for my email client. In the Ebay message I was warned that my account "could be suspended" unless I re-update my account information. This looked suspicious to me, however I decided to follow the link in the email. Upon clicking on the link, Thunderbird warned me that this was a suspicious link (nice feature) and if I really wanted to proceed to the site. I clicked yes. I wanted to check to see if a feature "Spoofstick" (site: http://www.spoofstick.com is currently down) in Mozilla Firefox was working and to see what this "spoofed" site would look like if it was in fact not an Ebay site. Sure enough, spoofstick showed this to be a spoofed site. Had I not paid attention and logged in to the "spoofed" Ebay account, I would have given vital credit card information and who knows what else to a unknown third party.
So, I spend the time to write this since there are many unsuspecting individuals that are not expecting this. It is very important that most companies if not all will never ask for information such as this by email. There are ways to protect yourself and here is what I recommend:
- If you do not have spoofstick installed on your browsers, I recommend doing so. Spoofsick is available for both Firefox and Internet Explorer. (Only Versions 1.5.0.* or earlier for Firefox)
- To test whether or not the latest patched Outlook Express would warn me, I opened it and downloaded the spoofed Ebay email. I clicked on the link and I was not warned that this might be a suspicious site.
- As always, when visiting a site that holds important account information about yourself, go there with a link in your browser, not by a link in an email (unless you are sure it is not a spoofed email).
Finally, I would like to mention that Microsoft has released their IE7 Beta 2 preview and I am using it when I am testing sites and visiting pages that Firefox has trouble with. It is much better then the current version IE6 which everyone is using (IE7 will detect spoofed pages without spoofstick). Many features that Firefox has been using was incorporated in this release (such as tabbed browsing). It is also much safer then the current release (activex and javascript for example). If you are an IE user, you may want to consider trying it out and you can download it from:
http://www.microsoft.com/windows/ie/default.mspx
Note: Keep in mind this is still in beta, and as you know it may have some bugs and issues. So, this is not for the timid. Nice thing though, this release is not integrated into the operating system (however, it is likely to be integrated into Vista which is due to be released late this year or 2007) and so it can be uninstalled. Also, you must be using Windows XP SP2 and it must be up to date.
Back to Top
|
IE7 Enters Beta 2
Finally, I would like to mention that Microsoft has released their IE7 Beta 2 preview and I am using it when I am testing sites and visiting pages that Firefox has trouble with. It is much better then the current version IE6 which everyone is using (IE7 will detect spoofed pages without spoofstick). Many features that Firefox has been using was incorporated in this release (such as tabbed browsing). It is also much safer then the current release (activex and javascript for example). If you are an IE user, you may want to consider trying it out and you can download it from:
http://www.microsoft.com/windows/ie/default.mspx
Note: Keep in mind this is still in beta, and as you know it may have some bugs and issues. So, this is not for the timid. Nice thing though, this release is not integrated into the operating system (however, it is likely to be integrated into Vista which is due to be released late this year or 2007) and so it can be uninstalled. Also, you must be using Windows XP SP2 and it must be up to date.
Back to Top
|
