In FIG. 1 of the drawings that follow there is shown an address bar 2 of part of an Internet Explorer (trade mark) web-page. The address bar 2 includes the uniform resource locator (URL) 4 of the web-page in focus.
Unfortunately, the address bar may be exploited by fraudsters using a number of methods. These methods enable fraudsters to spoof legitimate web-pages.
For instance, the URL 4 in the FIG. 1 address bar 2 appears to be a link to a CNN news article. However, on closer inspection the actual address is http://18.69.0.44/evarady/www/_topstory_htm because the browser ignores everything before the “@” symbol (this part of the URL is designed to contain a user name and a password, though it is rarely used). After ignoring the first part, the next piece of data read by the browser is the internet protocol (IP) address, and without manually checking this IP address the user has no way of knowing to whom it belongs.
Thus, a fraudster could send a target an e-mail containing a link to what appears to be the target's bank, asking them to log on to their account using user names, passwords, personal identification numbers etc., which would then be supplied to the fraudster.
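The check a mail filter or link scanner can apply to the "@" form described above is shown here as an added example; it is not part of the original text. The function name, the finding labels and the sample links are assumptions, and the first sample is constructed by putting a news-site name in front of the address quoted above.

```python
import ipaddress
from urllib.parse import urlsplit


def inspect_link(url):
    """Return (host the browser will contact, list of findings) for a link."""
    parts = urlsplit(url)
    findings = []
    # urlsplit treats everything up to the last "@" in the authority as
    # userinfo, so .hostname is the real destination.
    host = parts.hostname or ""

    if "@" in parts.netloc:
        findings.append("userinfo-present")
        userinfo = parts.netloc.rpartition("@")[0]
        # A user name shaped like a domain is what makes the link look
        # as if it belongs to a well-known site.
        if "." in userinfo.split(":")[0]:
            findings.append("userinfo-looks-like-host")

    try:
        # A bare IP address tells the reader nothing about who owns it.
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")
    except ValueError:
        pass

    return host, findings


# Constructed sample links (not taken from FIG. 1).
SAMPLES = [
    "http://www.cnn.com@18.69.0.44/evarady/www/_topstory_htm",
    "https://www.example.com/news/story.html",
]

if __name__ == "__main__":
    for link in SAMPLES:
        real_host, notes = inspect_link(link)
        print(f"{link}\n  real host: {real_host}\n  findings: {notes or 'none'}")
```
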
Another attack uses a JavaScript command within the source of the web-page which removes (switches off) the existing address bar and replaces it with a fake version. The fake address bar may, for instance, be drawn using bitmap images. It is then up to the fraudster what URL they choose to display within the address bar. Additionally, the padlock used to indicate a secure sockets layer (SSL) connection between a user and a server can also be faked using the same method. The only method of checking the authenticity of the padlock is for the user manually to try and view the service certificate, which hardly ever happens.
Using these and other methods, fraudsters can establish imitation corporate and e-commerce web-pages for the gathering of on-line banking details, credit card numbers, passwords etc., and then, for example, may distribute the URLs for such pages through e-mails.