17.19 – Spoofing of Sites or Contacts

Every website has its own look and, through either popularity or familiarity, is easily recognizable.

This hides the fact, however, that websites are simply code. Moreover, because they must be displayed, they are easy to copy. A hacker can effortlessly post a website which looks identical to the original, except that its links are modified to point to malware and vectors for infecting other systems.

The hackers cannot duplicate the exact URL (although if they have compromised the website hosting account of the original, all bets are off). But they can register a domain name which is very similar to the original.

For instance, note how similar “www.linkedin.com” and “www.1inkedin.com” are. Only one character differs, but the addresses are completely different as far as the Internet goes, and the latter address could be owned by anyone. The same goes for “WWW.GOOGLE.COM” and “WWW.G0OGLE.COM”. If it is not obvious on your screen, the first letter “o” in the second example is instead a zero. That can be hard to spot, but again, it is a completely different address and destination.

This is especially dangerous if the spoofed site is one which serves and collects secure credentials. Suppose someone is using BMO.COM as a customer of Bank of Montreal. If they do not notice they are actually visiting BM0.COM (again, a zero in place of the first letter “o”), they may be literally giving the hackers their user ID and password when they try to log in.

This problem will not occur if we (correctly) type the URL into our browser’s address bar ourselves. But we often get to the site through a link or something else which could be spoofed. Always be aware of which site you intend to visit, and confirm that any link to it is legitimate.
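The check described above can be automated before a link is followed. The following is an added example, not part of the original text: it collapses look-alike characters in a link's host name and compares the result against a list of trusted domains. The function names, the trusted list and the `rn`/`m` and `vv`/`w` substitutions are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Domains the user really deals with (the three named in the text).
TRUSTED = {"linkedin.com", "google.com", "bmo.com"}

# Look-alike substitutions. "1"/"l" and "0"/"o" are the text's examples;
# "rn"/"m" and "vv"/"w" are assumed extras of the same kind.
CONFUSABLE = [("0", "o"), ("1", "l"), ("rn", "m"), ("vv", "w")]


def hostname(link: str) -> str:
    """Lower-cased host of a link, without port, trailing dot or 'www.'."""
    if not link.lower().startswith(("http://", "https://")):
        link = "//" + link  # make urlsplit treat a bare host as the host part
    host = (urlsplit(link).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def skeleton(host: str) -> str:
    """Collapse characters that look alike so visually equal names compare equal."""
    for fake, real in CONFUSABLE:
        host = host.replace(fake, real)
    return host


def within(host: str, domain: str) -> bool:
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_link(link: str) -> str:
    """Classify a link as 'trusted', 'lookalike of <domain>' or 'unknown'."""
    host = hostname(link)
    if any(within(host, d) for d in TRUSTED):
        return "trusted"
    for d in sorted(TRUSTED):
        if within(skeleton(host), skeleton(d)):
            return f"lookalike of {d}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, built from the addresses discussed above.
    for link in ["www.linkedin.com", "https://www.1inkedin.com/login",
                 "WWW.G0OGLE.COM", "http://secure.bm0.com/", "example.org"]:
        print(f"{link:35} {check_link(link)}")
```

A result of "unknown" only means the host does not resemble anything on the trusted list; it is not a statement that the site is safe.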

Contacts and people can also be spoofed. As with URLs, the email address might contain slightly different characters, which means an entirely different recipient. The displayed name may match a known person or someone in the contact list, but depending on how that email was delivered, it could have been compromised so that someone else is reading the reply.