What is Spoofing?
A Definition of Spoofing
Spoofing is when someone disguises a communication, such as an email, that comes from a source that is unknown but meant to look like it comes from a trusted, known source. Spoofing can be used with websites, phone calls, and emails, or can be more complex, such as a computer spoofing a Domain Name System (DNS) server, Address Resolution Protocol (ARP), IP address (IP Spoofing) or even GPS Spoofing.
Spoofing is used in an attempt to spread malware via infected attachments or links, gain access to a victim’s personal information, redistribute traffic to carry out a denial-of-service attack, or bypass network access controls. Malicious actors often use spoofing to gain access so that they can execute a bigger cyber-attack like a man-in-the-middle attack or an advanced persistent threat.
Attacks on successful organisations can result in loss of revenue, data breaches, and infected networks and computer systems. These are all likely to harm the organisation’s public reputation. Spoofing attacks that result in the rerouting of internet traffic can also result in clients/customers going to a malicious fake website that tries to distribute malware or steal information or overwhelm networks.
How Does Spoofing Work?
Spoofing attacks can use different levels of technical know-how and be used with several communication methods. Spoofing attacks can be used as part of phishing attacks, which aim to gain sensitive information from organisations or personal and private information from individuals.
The examples of spoofing attack methods described below explain how different spoofing attacks are executed.
Types of Spoofing Attacks
Caller ID Spoofing
Attackers use caller ID spoofing to make it seem as if their phone calls come from a specific number, either one that specifies a geographic location or one trusted and known by the recipient. Attackers then use social engineering and can pose as someone from customer support or a bank to convince the victim to provide sensitive information like social security numbers, account information, passwords, and the phone.
Email Spoofing
Email spoofing happens when attackers use emails to trick recipients into thinking it comes from a trusted and known source. The emails often contain links to attachments infected with malware downloads or malicious websites or may employ social engineering to convince recipients to disclose sensitive information.
It is easy to spoof sender information, and this is done in one of two ways:
● Making the ‘From’ field look like the exact email address of a trusted and known source
[Email Sender address Spoofing Image}
● Mimicking a trusted domain or email address by using alternate numbers or letters to appear nearly the same as the original
[Email Fraudulent Sender address]
Spoofing IP Addresses
A spoofing attack may use Internet Protocol (IP spoofing) by disguising a computer IP address, impersonating another computer system or hiding the sender’s identity. One goal of IP address spoofing is to obtain access to a network used to authenticate users based on their IP addresses.
Attackers will often spoof a target’s IP address to overwhelm the victim with traffic via a denial-of-service attack. The attacker sends packets to multiple network recipients, and when a response is transmitted, these are routed to the spoofed IP address of the target.
Spoofed Websites
Website spoofing mimics an existing site trusted and known by the user. Attackers then use these sites to gain users’ personal information, including login credentials.
DNS Server Spoofing
Domain Name Servers (DNS) resolve email addresses and URLs to corresponding IP addresses. DNS spoofing permits an attacker to reroute traffic to different IP addresses, taking victims to sites used to spread malware.
ARP Spoofing
The ARP (Address Resolution Protocol) resolves IP addresses to MAC (Media Access Control) addresses when transmitted data. An attacker’s MAC is linked to a legitimate network IP address with ARP spoofing. This allows an attacker to receive data meant for the IP address owner. Although this type of spoofing is often used to modify or steal data, ARP Spoofing can also use it in session hijacking, man-in-the-middle attacks, or denial-of-service attacks.
Protecting Against Spoofing Attacks
The best way to prevent spoofing from being successful is to be attentive to spoofing signs, whether by phone, websites, or email.
When looking at communication to determine if it is legitimate, watch out for:
• Unusual turns of phrase or sentence structure
• Inconsistent/incorrect grammar
• Bad spelling
These errors often indicate that the communication is not from who it claims to be.
Other things to check include:
● The webpage URL: the spelling can be changed slightly to fool a user that doesn’t look closely.
● The sender’s address: addresses will sometimes be spoofed simply by altering one or two letters in either the domain name or local-part (before the @).
Never download unexpected or unfamiliar attachments or click on strange links. If you see this in an email, send a reply asking for confirmation. If an email address has been spoofed exactly, the reply will not be sent to the person spoofing it but to the actual person with the email address.
Treat unexpected phone calls with caution and be guarded about the information the caller requests. Search the phone number shown as the caller ID to determine if it’s linked to scams. As caller ID numbers can be spoofed, terminate the call and phone back even if the number seems legitimate.
It is sometimes easy to identify spoofing, but this is not always the case. An ever-increasing number of malicious actors are using sophisticated spoofing attacks that need users to be vigilant. If you are familiar with different spoofing methods and their indications, it can help you prevent becoming a victim.
