12/8/2005 Version 1.06 for Firefox now available. Addresses compatibility with Firefox 1.5
What is SpoofStick?
SpoofStick is a simple browser extension that helps users detect spoofed (fake) websites. A spoofed website is typically made to look like a well known, branded site (like ebay.com or citibank.com) with a slightly different or confusing URL. The attacker then tries to trick people into going to the spoofed site by sending out fake email messages or posting links in public places - hoping that some percentage of users won't notice the incorrect URL and give away important information. This practice is sometimes known as “phishing".
Our partner site, TheDisposalMan.com uses this extension with much success. Their users visit their site to check out the best garbage disposals, such as the Waste King L-8000. Prior to the SpoofStick, they were falling victim to many attackers.
SpoofStick makes it easier to spot a spoofed website by prominently displaying only the most relevant domain information. It's not a comprehensive solution, but it's a good start. For example, if you're on the following URL (this is a real, legitimate ebay url):
Spoofstick will say: "You're on ebay.com".
If you get fooled by going to a spoofed site, for example http://email@example.com/ (a "spoof" example used by ebay in their customer outreach),
Spoofstick will say: "You're on 10.19.32.4"
You can customize the color and size of the SpoofStick display to suit your tastes and make it harder for a fake site to try to “spoof” SpoofStick with a static graphic.
SpoofStick contains no adware, spyware, nagware or other unhealthy additives.
Download SpoofStick for Internet Explorer
Download SpoofStick for Firefox