URL spoofing is the process of creating a fake or forged URL which impersonates a legitimate and secure website.

The spoofed URL or website address looks exactly like the original and safe URL, but is actually redirecting all the traffic to a ‘booby trapped’ website.

Such websites and forged URLs are primarily used in cybercrimes such as identity theft, phishing, and various scams. The forged or spoofed URL is sent to as many target victims as possible through different means, including emails, texts, and instant messaging.

Forged URLs are also posted on other websites that are not harmful at all but they contain spoofed and forged links that would eventually lead the user to a dangerous website.

A slightly different version of URL spoofing is one in which the attacker not only creates a fake and forged URL, but he also builds a website that looks exactly like the original website.

This kind of URL spoofing attack can be potentially more harmful and dangerous, because the website looks exactly like the original one.

The website asks you to enter your username, password, credit card number, or whatever information the attacker wants to extract using that spoofed URL.

Spoofed URLs of banking or ecommerce websites could lead to heavy financial losses.

Spoofed URLs are also used by websites to track visitors and traffic on their websites. In this case, the spoofed URL is the address of the webpage which actually contains the link to the website. This kind of URL spoofing is legitimate, and is known as a URL referer.

More security questions & answers