A form of attack on an information system that confuses users by presenting things that look familiar but are harmful.

In other words, a method by which a cracker (or other malevolent being) can trick lusers into doing what the attacker wants, by giving the luser something that (at first glance) looks like the familiar, safe thing the user always sees, but is actually something sinister.

In even simpler terms: "Confuse them into doing things you want."

The Crypto-Gram of February 15, 2001 describes a semantic attack on URLs. Basically, the attack looks like this:


Now, to a casual viewer, this looks like a page at legitimatesite.com. However, since there is no slash after the site name, and no slashes anywhere between http:// and the @ sign, that part is interpreted as an HTTP user name, and the user ends up at http://WWW.XXX.YYY.ZZZ/some/page.html ...

In the example given in the Crypto-Gram, the link looked like a CNN URL.
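The parsing rule described above can be checked mechanically before a link is shown or followed. The following is an added example, not code from the Crypto-Gram or from this writeup: it uses the standard `URL` parser to separate the userinfo from the real host and flags userinfo that reads like a hostname. The function name `analyzeLink`, the verdict strings and the sample links (including the documentation-range address 192.0.2.10) are constructed for illustration.

```javascript
// Added example: classify links by whether their userinfo imitates a hostname.
// Uses only the WHATWG URL parser built into Node.js and browsers.

// Loose test for "reads like a DNS name": dot-separated labels, alphabetic TLD.
const LOOKS_LIKE_HOST = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

// analyzeLink is a hypothetical helper name, not an API from the page.
function analyzeLink(href) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return { href, verdict: "unparseable" };
  }
  const userinfo = safeDecode(url.username);
  const result = { href, userinfo, actualHost: url.hostname, verdict: "ok" };
  if (userinfo === "" && url.password === "") return result;

  // Percent-encoded slashes and other padding can follow the fake name, so judge
  // only the leading run of hostname characters, which is what the reader sees first.
  const leading = (userinfo.match(/^[a-z0-9.-]+/i) || [""])[0];
  const imitates = LOOKS_LIKE_HOST.test(leading) &&
    leading.toLowerCase() !== url.hostname.toLowerCase();
  result.verdict = imitates ? "userinfo-imitates-host" : "userinfo-present";
  return result;
}

// Constructed sample links; 192.0.2.10 is a documentation-range address.
const SAMPLES = [
  "http://legitimatesite.com@192.0.2.10/some/page.html",
  "http://legitimatesite.com%2Fnews%2Fstory.html@192.0.2.10/some/page.html",
  "http://legitimatesite.com/some@192.0.2.10/page.html", // slash first: real host
  "ftp://alice@files.example.org/pub/",
];

for (const href of SAMPLES) {
  const r = analyzeLink(href);
  console.log(`${r.verdict.padEnd(24)} host=${r.actualHost}  ${href}`);
}
```

The third sample shows the other side of the rule: once a slash appears before the @ sign, the name in front of it really is the host and the @ is just part of the path.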

Outside the Internet, this is probably known as misleading advertising.

