Real Estate Technology     Copyright 2003 Jerry Kidd
Your Logo Here
 Home Classes Tech Articles About Jerry GRI 107 Links
Firewalls
Backups
911 Part 1
911 Part 2
911 Part 3
911 Part 4
911 Part 5
MSIE Address Spoof

Microsoft Internet Explorer Address Spoof Vulnerability

Microsoft Internet Explorer Browser Address Spoof Vulnerability 

This vulnerability allows malicious coders to create Web sites that look exactly like legitimate sites, credit card companies, or online merchants, and 'spoof' the web addresses. When a user is at one of these sites and looks in the address section of IE, it will appear as if they are at that company's site. 

Everything from the https:// to the little yellow padlock at the bottom of the 'secure' page can appear complete with the spoofed company's web address or URL (Universal Resource Locator) in the proper places. 

This means that you can no longer trust what you see in the address bar, especially if you are clicking on a link from an e-mail message or from another web site. The possibilities are endless and very dangerous for the less technical Internet going public.  The opportunity for identity theft is enormous and you should take steps to protect yourself. 

You need to test your browser if you are using Internet Explorer Versions 5.0, 5.5, and 6.0.  You can test the browser by going to: http://www.secunia.com/internet_explorer_address_bar_spoofing_test/ 

Because of this latest method of tricking users into divulging personal and financial information, it is important that you do not click on any links in e-mail that supposedly come from your bank, eBay, PayPal, Amazon.com or any online merchant or financial institution. 

If you receive what you think is a legitimate e-mail message from one of your financial or merchant Web sites, do not click on any link in the e- mail, especially if it is asking you to update your information. 

Always go to the company's Web site manually by opening your browser yourself and typing in the actual address for the company. If the information sent in the e-mail is legitimate, then you should be able to access it through the companies Web site when you sign-in or login to your account. 

Information for this posting was obtained from the following sources: 

1)     http://support.microsoft.com/?id=833786

2)     http://www.secunia.com/advisories/10395/

 

 Print this Page
 Copyright 2003, 2004, 2005, 2006, 2007, 2008 Jerry Kidd