How do you detect a fake Websites?

Discussion in 'other security issues & news' started by sweater, Sep 13, 2005.

Thread Status:
Not open for further replies.
  1. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    :rolleyes: :cool:
    I have already installed SpoofStick in my IE and Firefox browsers to at least detect some fake internet websites… but still I’d like to know if they’re really a “real stores” in cyberspace. How about those unpopular sites selling “great items”… how can we know if they really exist? What’s your personal experience?
    :)
     
  2. myluvnttl

    myluvnttl Registered Member

    Joined:
    Aug 23, 2004
    Posts:
    150
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
  4. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    I look for grammar errors.

    More important of all, I don't buy stuff from the Internet. You can't trust anything on the Internet :p
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I second that.
     
  6. Pollmaster

    Pollmaster Guest

    Just curious does that mean you don't do any finanical transactions at all?

    Online banking, paying bills, filing taxes etc.

    In my part of the world, that's getting pretty much impossible to avoid doing.

    Actually possible, but the disincentives against that is staggering.
     
  7. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma

    I have been purchasing on the internet for years and have never had a problem. You just have to use good common sense and good security software. ;)
     
  8. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    and for purchasing computer hardware, make sure to check the site at Reseller Ratings.
     
  9. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    Hi sweater,

    I have turned in a number of phishing scams that got through my ISP's scam filter by email. The trick is to look at the message text for the return address when they ask for personal data like a credit card, etc.

    Almost always (unless you look), its very real-like, but not authentic if you look under the hood for things like a dash in the return address where there would normally be a '.' - e.g. "sales@isp-mail.com" instead of "sales@isp.com" or something like that.

    Otherwise, I use SpoofStick on both IE and Firefox.

    -- Tom
     
  10. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    I'm with bigc ...............been doing it for a number of years :)
     
  11. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hi,
    I would not trust too many online sites for your purchases. I would stick to one or two you know are reputable. One thing to definitely avoid are paids ads on sites and links in popups. You should also beware sites giving you ipods for 5 bucks and such. Nothing is free, so stick with those who try to rob your outright with fair and high prices. They are at least honest enough to rob you in daylight and that's ok.
    Personally, I only buy stuff on one site only. Besides, my credit card company has a 30-day revoke insurance policy, which allows the user to cancel any transaction within 30 days of its making. They also phone users once in a while, asking about your international transactions.
    My dad's card number was once used illegally, they phoned him from the company to verify if indeed he has made the purchase.
    Mrk
     
  12. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    When connecting to an https:// website, your browser automatically downloads its certificate (which is signed by a certifying authority) to check that the site is genuine. This makes phishing attempts using https:// sites far harder since the phisher would have to fake such a certificate to avoid visitors receiving warning messages (every phishing attempt I have seen has been to a "plain" http:// page). Therefore just checking that you are on a secure webpage before entering credit card details will avoid spoofing (until both MD5 and SHA are fully cracked, see Wikipedia: Transport Layer Security) though there is the possibility of the website's security not being up to scratch against outside attacks.

    So yes, there is risk and people should carefully check their statements for any unexpected entries. However risk exists in the offline world also (passing your credit-card to a waiter in a restaurant) and they are often greater.
     
  13. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    Hi Paranoid2000,

    Read Microsoft Scraps Old Encryption in New Code, post #2 here in privacy general subforum: https://www.wilderssecurity.com/showthread.php?t=97780

    Apparently, MD5 and SHA-1 have been cracked!

    -- Tom
     
  14. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Not yet they haven't. What is currently possible is a collision attack where researchers can identify two messages that give the same hash. To spoof a website, an attacker would have to be able to do a secondary preimage attack (finding a message that gives the same hash as a pre-existing one). This has yet to be achieved, but the ability to do a collision attack is an indication that preimage attacks will become possible in the near future (see Hash Collision Q&A and Wikipedia: MD5 for more details).
     
  15. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I have had my Visa card attacked twice . The first time for 500 and the second time 6300. I just had to get a new card. Don't know how it was gotten . I know it wasn't off my computer.
     
  16. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    William, watch out for gas stations.

    My dad has had his credit card information stolen by swiping his card onto a fake reader in a gas station. Luckily the credit card company called him.
     
  17. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland

    Can I trust youo_O :)
     
  18. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Sadly you can't. Perhaps some day, an evil scientist can kidnap me and brainwash me with videos of Bill Gates. I will never be the same human.
     
  19. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, Kye-U

    99% of the time Fake Readers or at ATM's.

    Take Care,
    TheQuest :cool:
     
Loading...
Thread Status:
Not open for further replies.