Be aware of website spoofing

  • Published
  • By Senior Airman Anthony Sanchelli
  • 39th Air Base Wing Public Affairs
INCIRLIK AIR BASE, TURKEY --  A spoofed or illegitimate website can fool one into giving up personal information without even knowing. This information can range from your date of birth to the number and security code of a credit card.

Spoofed sites are fake web pages made to look identical to legitimate sites and are used to gain personal information. There are several ways to identify a potentially spoofed website. Since websites can't use the same URL, users can note small differences between a spoofed page and the real one. One example is www.incir1ik.af.mil, where the number "1" replaced the letter "l." This may seem like an obvious example of a spoofed page, but it can be overlooked at first glance.

"A big problem is credit card information, birth dates, usernames and passwords to get into your bank accounts. Those would be the big ones with which you should be most careful," said Tech. Sgt. Amy Smith, 39th Communications Squadron information assurance manager.

Individuals should verify the contact information provided on the site should they suspect a page is not legitimate. If the page is a spoofed website, the listed contact number may be false and lead to an unrelated location. The number may also lead to the correct organization, where users can verify if the page they are accessing is correct or not.

Spoofed websites use a multitude of tactics to gather personal information; one of the more popular ways is with a key logger. This program monitors the strokes from a user's keyboard and records this information. This is particularly dangerous when inputting social security numbers and dates of birth, which can be used to steal a person's identity.

"Oftentimes, they're going to be bank sites. You may get an e-mail stating, 'You have this bank account at this location and that you have money left over in it. Click this link to access your account and request your money back,'" said Smith." When individuals click on that link and put in their name, social security number and address to verify the information, that is how the fake site steals it."

Government sites are not safe from spoofing either. In July of 2011, fake versions of the official Air Force Portal surfaced. One fake site even showed up as the number one result in multiple search engines leading many to click the link thinking it was the correct site.

Most legitimate pages that deal with personal information are secure sites. Check the site's certificates clicking the lock symbol to the right of the URL. If a site that should normally be secure does not show the lock symbol, it could be a spoofed website. One should use caution and verify with such sites.

"A big part of (identity theft prevention) is being educated on web spoofing and paying attention to the URL," said Smith.

Should you discover a spoofed page, contact your unit information assurance officer or security officer. You can also use the spam reporting contact numbers from the computer emergency response aid that should be located next to every government computer. If you don't have a computer emergency response aid, request one from the information assurance office.

The key to not becoming a victim to website spoofing is to remain vigilant of the sites you are accessing. Whether it's accessing an official government site or just checking your bank account statements, always make sure you are on the correct site.

For more information, call DSN 676-6876.