Version 1.05 for Firefox now available. Addresses the recently discovered Mozilla "IDN" vulnerability described at http://www.shmoo.com/idn/
SpoofStick is now a draggable, resizable toolbar button. Find out more.
What is SpoofStick?
SpoofStick is a simple browser extension that helps users detect spoofed (fake) websites. A spoofed website is typically made to look like a well known, branded site (like ebay.com or citibank.com) with a slightly different or confusing URL. The attacker then tries to trick people into going to the spoofed site by sending out fake email messages or posting links in public places - hoping that some percentage of users won't notice the incorrect URL and give away important information. This practice is sometimes known as “phishing".
SpoofStick makes it easier to spot a spoofed website by prominently displaying only the most relevant domain information. It's not a comprehensive solution, but it's a good start. For example, if you're on the following URL (this is a real, legitimate ebay url):
Spoofstick will say: "You're on ebay.com".
If you get fooled by going to a spoofed site, for example http://email@example.com/ (a "spoof" example used by ebay in their customer outreach),
Spoofstick will say: "You're on 10.19.32.4"
You can customize the color and size of the SpoofStick display to suit your tastes and make it harder for a fake site to try to “spoof” SpoofStick with a static graphic.
SpoofStick contains no adware, spyware, nagware or other unhealthy additives.
Download SpoofStick for Internet Explorer
Download SpoofStick for Firefox