Web spoofing involves perpetrators "forging" WWW servers, that is to say, they set up their WWW sever to pretend that it is a particular, reliable WWW server. This is done by choosing a WWW address in such a way that many users assume they are connected to a particular institution just from the choice of address. Even if the correct computer name is used, Web spoofing is possible if perpetrators use DNS spoofing (see G 5.78 DNS-Spoofing).
Example:
It is not the official Homepage of the White House which is found under the address www.whitehouse.com but that of a prankster.
The XY bank has the WWW address www.xy-bank.de. Perpetrators can set up WWW sites under www.xybank.de or www.xy-bank.com which at first glance appear to be that of the XY bank. They then enter the addresses in various search machines, choosing keywords that XY customers may well search for.
Users who call up these sites will assume that they are communicating with the WWW server of their bank. They are therefore willing to enter their account number and PIN number or other access codes. They may also read offers there which interest them but are false, such as profitable investments or property offers which they would like to accept. If the bank cannot make these offers under these conditions or cannot make them at all, the customers are at best dissatisfied and at worst, it can end in legal disputes.
Rather than trying to manipulate or imitate an existing WWW server, perpetrators can also bring their own WWW offer into the Internet and present it in such a way that each visitor has the impression of being connected to an established, serious institution.
Examples:
Goods may be offered for the sole purpose of obtaining the credit card numbers of potential customers.
There have been cases in which trusting customers have wanted to invest money under profitable conditions with supposed banks. They only knew of these banks via the Internet and only when the expected interest failed to arrive did they realise that it was simply a private WWW site which had in the meantime been deleted