Creating a website, as a hoax, with the intention of misleading readers
This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)
This article may need to be rewritten to comply with Wikipedia's quality standards. You can help. The talk page may contain suggestions.(July 2014)
This article needs to be updated. Please help update this article to reflect recent events or newly available information.(June 2022)
(Learn how and when to remove this message)
Website spoofing is the act of creating a website with the intention of misleading readers that the website has been created by a different person or organization. Normally, the spoof website will adopt the design of the target website, and it sometimes has a similar URL.[1] A more sophisticated attack results in an attacker creating a "shadow copy" of the World Wide Web by having all of the victim's traffic go through the attacker's machine, causing the attacker to obtain the victim's sensitive information.[2]
Another technique is to use a 'cloaked' URL.[3] By using domain forwarding, or inserting control characters, the URL can appear to be genuine while concealing the actual address of the malicious website. Punycode can also be used for this purpose. Punycode-based attacks exploit the similar characters in different writing systems in common fonts. For example, on one large font, the greek letter tau (τ) is similar in appearance to the Latin lowercase letter t. However, the greek letter tau is represented in punycode as 5xa, while the Latin lowercase letter is simply represented as t, since it is present on the ASCII system. In 2017, a security researcher managed to register the domain xn--80ak6aa92e.com and have it show on several mainstream browsers as apple.com. While the characters used didn't belong to the latin script, due to the default font on those browsers, the end result was non-latin characters that were indistinguishable from those on the latin script.[4][5]
The objective may be fraudulent, often associated with phishing or e-mail spoofing, or to criticize or make fun of the person or body whose website the spoofed site purports to represent. Because the purpose is often malicious, "spoof" (an expression whose base meaning is innocent parody) is a poor term for this activity so that more accountable organisations such as government departments and banks tend to avoid it, preferring more explicit descriptors such as "fraudulent" or "phishing".[6][7]
As an example of the use of this technique to parody an organisation, in November 2006 two spoof websites, www.msfirefox.com and www.msfirefox.net, were produced claiming that Microsoft had bought Firefox and released "Microsoft Firefox 2007."[8]
^"Spoof website will stay online", BBC News, 29 July 2004
^"Web Spoofing: An Internet Con Game" (PDF). Archived from the original (PDF) on 2017-10-12. Retrieved 2023-05-05.
^Anti-Phishing Technology" Archived 2007-09-27 at the Wayback Machine, Aaron Emigh, Radix Labs, 19 January 2005
^"That apple.com link you clicked on? Yeah, it's actually Russian". www.theregister.com.
^"Google is fixing a Chrome flaw that makes phishing easy". 17 April 2017.
^"HMRC phishing and scams: detailed information". Retrieved 2023-11-01.
^"Scam calls". Retrieved 2023-11-01.
^"Fake Sites Insist Microsoft Bought Firefox", Gregg Keizer, InformationWeek, 9 November 2006
Websitespoofing is the act of creating a website with the intention of misleading readers that the website has been created by a different person or...
vulnerable to spoofing attacks when extra precautions are not taken by applications to verify the identity of the sending or receiving host. IP spoofing and ARP...
and phishing emails to use spoofing in order to mislead the recipient. More recent countermeasures have made such spoofing from internet sources more...
Caller ID spoofing is a spoofing attack which causes the telephone network's Caller ID to indicate to the receiver of a call that the originator of the...
for malicious purposes. The term Domain name spoofing (or simply though less accurately, Domain spoofing) is used generically to describe one or more...
portrayed to be spinoffs of other news sites, some of these websites are examples of websitespoofing, structured to make visitors believe they are visiting...
biases, heuristics, and partisan affiliation. Some fake news websites use websitespoofing, structured to make visitors believe they are visiting trusted...
In computer networking, IP address spoofing or IP spoofing is the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose...
associated with the spoofed URL. Spoofing is the act of deception or hoaxing. URLs are the address of a resource (as a document or website) on the Internet...
Punycode encodings for different types of input. Emoji domain UTF-5 UTF-6 Websitespoofing RFC 3492, Punycode: A Bootstring encoding of Unicode for Internationalized...
technically spoofing, though sometimes also described as such. In software, systems and networks testing, and sometimes penetration testing, referer spoofing is...
hoax – Message warning of a non-existent computer virus Websitespoofing – Creating a website, as a hoax, with the intention of misleading readers Tattersall...
DNS spoofing, also referred to as DNS cache poisoning, is a form of computer security hacking in which corrupt Domain Name System data is introduced into...
domain website, whether it be due to length or privacy/security issues. Websitespoofing URL shortening URL redirection Hutchison, Tom (2008). Web Marketing...
different meaning from its counterparts. This kind of spoofing attack is also known as script spoofing. Unicode incorporates numerous writing systems, and...
memorable URL or to fraudulently conceal a phishing site as part of websitespoofing. Before HTML5, the same effect could be done with an HTML frame that...
miscellaneous fake news websites that don't fit into any of the other fake news website lists such as these lists of: fake news website campaigns by individuals...
has an online edition, TheGuardian.com, as well as three international websites, Guardian Australia (founded in 2013) Guardian New Zealand (founded in...
Vulnerable To Address Bar Spoofing Attacks". The Hacker News. Retrieved 2024-04-03. "Researchers warn over mobile browser address bar spoofing vulnerabilities"...
the agent to the server. However, this header can be omitted or spoofed, so some websites use other detection methods. "W3C Definition of User Agent". www...
a bug that caused passwords to be visible Fixes a bug that caused websitespoofing Feature Update 3.1.2 7D11 October 8, 2009 Fixes a bug that caused iPhones...
Miley Cyrus's body as seen twerking on California governor Jerry Brown, spoofing the 2013 VMAs. DNC Chairwoman and Florida Congresswoman Debbie Wasserman...
website based in the United States. With over 500 million users, it is one of the world's largest social networks and the fifth-most visited website in...
that even if Bonsai Kitten was a spoof it "encourages animal cruelty". The webpage being featured on the cruel.com website was significantly controversial...
the Yes Men concept initially sprang from their creation of a fake websitespoofing the World Trade Organization. To the surprise of Servin and Vamos,...
Genesis Market was a cybercrime-facilitation website noted for its easy-to-use interface. It enabled users to spoof over two million different victims, providing...
million. Netherlands Police came across iSpoof in an ongoing spoofing investigation. They discovered that the spoofing service was hosted on servers in The...