Abstract :
Phishing (the act of conning a person into divulging sensitive information) commonly uses legitimate-looking Web sites that mimic the online interface of the institution the attacker is misrepresenting (usually a bank, merchant, or ISP). One way users can tell they are viewing a false Web site is to check the Web browser´s address bar: the URL should match that of the actual institution, barring any vulnerabilities that permit spoofing the address bar or some types of DNS spoofing attack. However, recent phishing scams not only spoof an institution´s Web site but also spoof the browser´s address bar and display the correct URL.
Keywords :
Web sites; computer crime; invasive software; online front-ends; user interfaces; URL; Web sites; browser address bar; interface; phishing; spoofing; Automatic control; Computer displays; Computer security; Graphical user interfaces; HTML; Privacy; Rendering (computer graphics); Uniform resource locators; User interfaces; XML; 65; GUI; Web browser attacks; XUL attacks; address-bar spoofing; attacks; event models; hijacking;
