Topic no (up0004)
Fake, copycat Web sites are also called spoofed
They are designed to look like the legitimate site, sometimes using
graphics or fonts from the legitimate site. They might even have a Web
address that's very similar to the legitimate site you are used to
visiting. (For details, see Typos can cost you. Once
you're at one of these spoofed sites, you might unwittingly send
personal information to the con artists. If you enter your login name,
password, or other sensitive information, a criminal could use it to
steal your identity.
Here’s an example of the kind of phrase you might see in an e-mail message that directs you to a phishing Web site:"Click the link below to gain access to your account."
HTML-formatted messages can contain links or forms that you can fill out just as you’d fill out a form on a Web site. Phishing
links that you are urged to click in e-mail messages, on Web sites, or
even in instant messages may contain all or part of a real company’s
name and are usually masked
, meaning that the link you see does not take you to that address but somewhere different, usually an illegitimate Web site.Notice in the following example that resting (but not clicking) the
mouse pointer on the link reveals the real Web address, as shown in the
box with the yellow background. The string of cryptic numbers looks
nothing like the company's Web address, which is a suspicious sign.
Example of a masked Web address
artists also use Web addresses that resemble the name of a well-known
company but are slightly altered by adding, omitting, or transposing
letters. For example, the address "www.microsoft.com" could appear