2/10/2005 Version 1.05 for Firefox now available. Addresses the recently discovered Mozilla "IDN" vulnerability described at http://www.shmoo.com/idn/
SpoofStick is now a draggable, resizable toolbar button. Find out more.
What is SpoofStick?
SpoofStick is a simple browser extension that helps users detect spoofed (fake) websites. A spoofed website is typically made to look like a well-known, branded site (like ebay.com or citibank.com) with a slightly different or confusing URL. The attacker then tries to trick people into going to the spoofed site by sending out fake email messages or posting links in public places, hoping that some percentage of users won't notice the incorrect URL and will give away important information. This practice is sometimes known as "phishing".
SpoofStick makes it easier to spot a spoofed website by prominently displaying only the most relevant domain information. It's not a comprehensive solution, but it's a good start. For example, if you're on the following URL (this is a real, legitimate eBay URL):
http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn&UsingSSL=0&pUserId=&ru=http%3A%2F%2Fcontact.ebay.com%2Fws1%2FeBayISAPI.dll%3FShowCoreAskSellerQuestion%26requested%3Ddominicsmusic%26de%3Doff%26iid%3D3711129021%26frm%3D284%26acceptcookie%3D0%26loginconfirmed%3D0%26redirect%3D0%26pass%3D%7B_pass_%7D%26userid%3D&pp=pass&co_partnerid=2&pageType=711
SpoofStick will say: "You're on ebay.com".
If you get fooled into going to a spoofed site, for example http://signin.ebay.com@10.19.32.4/ (a "spoof" example used by eBay in their customer outreach),
SpoofStick will say: "You're on 10.19.32.4".
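The two cases above, worked through in JavaScript as an added example (this is not SpoofStick's own code). The function names are hypothetical, the "last two labels" rule is a simplifying assumption (a real tool would use the Public Suffix List), and the IDN check is one assumed way to surface the kind of hostname mentioned in the 1.05 release note.

```javascript
// Added illustration; not SpoofStick's source code.
// Assumption: the "relevant domain" is the last two labels of the hostname.
// A production tool would consult the Public Suffix List instead.
function relevantDomain(rawUrl) {
  const url = new URL(rawUrl);        // WHATWG URL parser, as used by browsers
  const host = url.hostname;          // never includes the userinfo before "@"
  const isIPv4 = /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
  const isIPv6 = host.startsWith("[");
  const isIpAddress = isIPv4 || isIPv6;
  const labels = host.split(".");
  return {
    // An IP address has no registrable domain, so show it whole.
    display: isIpAddress ? host : labels.slice(-2).join("."),
    isIpAddress,
    // Anything before "@" is a username, however much it looks like a site.
    decoyUserinfo: url.username !== "",
    // The parser rewrites non-ASCII labels into ASCII "xn--" (punycode) form.
    idn: labels.some((label) => label.startsWith("xn--")),
  };
}

// Build the banner text plus the reasons a user should look twice.
function describe(rawUrl) {
  const r = relevantDomain(rawUrl);
  const notes = [];
  if (r.decoyUserinfo) notes.push("text before '@' is not the site");
  if (r.isIpAddress) notes.push("host is a bare IP address");
  if (r.idn) notes.push("host contains non-ASCII (IDN) characters");
  const suffix = notes.length ? ` (${notes.join("; ")})` : "";
  return `You're on ${r.display}${suffix}`;
}

// Sample inputs: the first is shortened from the page's eBay URL, the second
// is the page's spoof example, the third is constructed (Cyrillic "a").
const samples = [
  "http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn&ru=http%3A%2F%2Fcontact.ebay.com",
  "http://signin.ebay.com@10.19.32.4/",
  "http://www.ex\u0430mple.com/",
];
for (const s of samples) console.log(describe(s));
```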
You can customize the color and size of the SpoofStick display to suit your tastes and make it harder for a fake site to try to “spoof” SpoofStick with a static graphic.
SpoofStick contains no adware, spyware, nagware or other unhealthy additives.

Download SpoofStick for Internet Explorer
Download SpoofStick for Firefox