Is it Possible to Fake a URL?

ElectroGoofy

Distinguished
Aug 3, 2009
68
0
18,580
0
Hello, all.

Ok, I would like to know this: Is it possible to fake a URL?

For example, some random guy living in his little apartment wants PayPal information, so he sets up a site selling stuff. He then has a link on his site that goes to https://www.paypal.com/<insert random stuff here>, but is really his site where he collects paypal logins and goes on a shopping spree.

Is this possible? If so, is there really any way to tell if a website is legit?

Thanks!
 

aford10

Distinguished
For example, if a server that is hosting the website is infected, then information could be at risk, you could get redirected to another malware infected site, or a number of other things.
 

jefe323

Distinguished
Feb 14, 2010
89
0
18,590
2
you could also be redirected to a site with a url that looks legit at first glance.

back when i was using myspace, i was once redirected to a login page at rnyspace.com. the "r" and the "n" make it look like a "m".
 

dEAne

Distinguished
Dec 13, 2009
116
0
18,660
11
Is it Possible to Fake a URL? Yes that is only one possibility - If your computer is infected it can redirect any sites even secured sites or if you go to blocklisted sites (sites that are known for malwares) definitely you will run to problems.

That's why microsoft, if your using windows, strongly suggest that we update windows often. Installing an antivirus software is one thing but your computing habits (the way you use your computer) makes a big impact on the way we deter any unwanted intrusion into our computer.
 

Ijack

Distinguished
The most effective way of "forging" a URL is by DNS poisining. In essence the records on a genuine DNS server, or in the cache on a client, are altered to point to another site. (Another possibility is that the DNS setting on the client is changed to point to a fake DNS server.)

So instead of returning "209.85.135.105" when queried for the address of "www.google.co.uk" the server would return "123.123.123.123" (that's just an example, so apologies if it's someone's real address!). The fake address would then run a server pretending to be "www.google.co.uk"; once you've done that the possibilities are endless.
 

ASK THE COMMUNITY