This talk will describe several varieties of spoofing attacks that can be carried out over the World-Wide Web. These attacks are carried out at the Web level, and are distinct from IP spoofing, DNS spoofing, and similar low-level spoofing attacks. The Web spoofing attacks all attempt to trick a user into trusting some Web content by deceiving the user about the source of the content. We will discuss attacks that use timing, content spoofing, URL confusion, and other techniques. We will also describe how these attacks can be addressed, and what the browser vendors have done about them.