More info about Phish and spoofed sites

I’d forgotten that it may not be enough to rest your mouse on a hyperlink to verify the address in the status bar . That sort of thing can be tampered with. But when you’re on some site you’re not too sure about, you can type this code into the address bar and click it to get an alert box giving you the actual URL and the address URL, with a warning that if the server names don’t match, it may be a spoof of a site.

javascript:alert(“The actual URL is:\t\t” + location.protocol + “//” + location.hostname + “/” + “\nThe address URL is:\t\t” + location.href + “\n” + “\nIf the server names do not match, this may be a spoof.”);

Even better is to follow this advice – Never use any hyperlink to go to a banking page, or some page where you’re requested to give personal information. Always type the address in the address bar yourself. And bear in mind that these sites should be securely locked – SSL – with a padlock icon in the corner. Found this info on HTML Goodies: https://www.htmlgoodies.com/beyond/security/article.php/3473221

One Comment