Web spoofing is a security attack that allows an adversary to observe and modify web pages sent to a victim's machine. The attacker can observe all information entered into forms, even when the browser indicates a secure connection. After being fooled, the spoofed web server can send fake pages or prompt the victim to provide personal information like passwords or credit cards. Types of web spoofing include IP spoofing, email spoofing, and non-technical spoofing like social engineering. The document provides examples and methods of prevention for each type of spoofing attack.