Interface Illusions

Phishing (the act of conning a person into divulging sensitive information) commonly uses legitimate-looking Web sites that mimic the online interface of the institution the attacker is misrepresenting (usually a bank, merchant, or ISP). One way users can tell they are viewing a false Web site is to check the Web browser's address bar: the URL should match that of the actual institution. That check holds only in the absence of vulnerabilities that permit spoofing the address bar and of some types of DNS spoofing attack. However, recent phishing scams spoof not only an institution's Web site but also the browser's address bar, which then displays the correct URL.