Back in April of this year, a reported bug in Internet Explorer (IE) allowed a different website URL to display in the address bar than the actual website displayed on the users computer screen. This was the result of a bug in the Macromedia Flash .swf files in IE. But the net result was that a person with way too much time on their hands could create a link to a deceptive, or "spoofed," website that actually displays the URL of a legitimate website in the status, address, and title bars.
Why would someone do this? Well in combination with phishing, they could create a site to ask for your personal private information so they could use into obtain credit cards in your name all while you thought you were on a legitimate web site. In the past, it was an easy thing to just check the URL of the page displayed in the status or address areas to know if you were on a legitimate site. Well, no more.
Spoofers and Phishers are the lowest of low life criminals hiding behind the anonymity of their computer screens robbing you without having to physically face you. If I could, I would round them all up and send them to Iran, but not before first giving them a sex change (if necessary) and their very own burqa! There’s some anonymity for you!!!
So what should you do to protect yourself.
· First, keep your computer updated with all the security patches for your OS.
· Next, use programs that will check a web page to see if it has been spoofed. Microsoft is working on something I believe for IE7 but until then, go to www.secunia.com for a free utility.
· Never, Never, Never click on a link of an email that asks you submit personal information. Type in the address of the site directly in the Address bar, even if you think the email is legitimate.
· If the URL for the page has an “@” symbol it may be fraudulent.
· Go to “Tools” in IE and select “Internet Options”. Then click on “Security” and click “Custom Level” Adjust your settings to enable prompting before installing ANY ActiveX control.
· Beware of pages that do not have a corresponding Home page for the site.
If you must enter personal information, click the padlock icon in the lower right status bar. (It there is no padlock, get out of there FAST!) You should see the name of the server that serves the page.