Neil Chou, Robert Ledesma, Yuka Teraguchi, Dan Boneh and John C. Mitchell
11th Annual Network and Distributed System Security Symposium (NDSS ’04), 2004.
Abstract
Web spoofing is a significant problem involving fraudulent email and web sites that trick unsuspecting users into revealing private information. We discuss some aspects of common attacks and propose a framework for client-side defense: a browser plug-in that examines web pages and warns the user when requests for data may be part of a spoof attack. While the plugin, SpoofGuard, has been tested using actual sites obtained through government agencies concerned about the problem, we expect that web spoofing and other forms of identity theft will be continuing problems in coming years.