A spoofing attack is a situation in which a person or a program successfully fakes their identity and assumes that of another, to gain access to sensitive and classified information.
Spoofing attacks happen through a range of communication channels such as phone calls, text messages, emails, websites, IP addresses, and servers. The more technical spoofing attacks involve Domain Name System (DNS) servers, IP addresses, and the Address Resolution Protocol (ARP).
The main motive of spoofing attacks is to harvest user data for use in further attacks, steal personal or company information, gain unauthorized access to your network, trick you into giving away financial information, or spread malware to your device through infected attachments and links.
Read on to learn about how spoofing works, why hackers use spoofing attacks today, the most common methods of spoofing attacks, and the best ways of preventing spoofing attacks.
How Does Spoofing Work?
Spoofing happens when cybercriminals trick users into thinking they are an individual or an organization they know and can trust.
For spoofing attacks to be successful, cybercriminals combine the spoof itself with social engineering tactics. Social engineering tactics are techniques employed by cybercriminals to mislead us into handing over personal information, clicking spoofed links, or opening spoofed attachments.
In spoofing attacks, hackers make requests that are within the comfort level of the target victim so they don’t get suspicious. And they often indicate there’s limited time available and that you must act now.
For instance, you may not be alarmed if an email from a colleague asks you to click on a link to check out a new product selling at a discounted price. But sometimes the request is more personal, such as a request to provide your bank account details, credit card number, or social security number.
How do Hackers use Spoofing Attacks Today?
Cybercriminals use a variety of spoofing techniques to accomplish this. The following are a few of the most frequent approaches:
#1. Caller ID spoofing
Your caller ID usually displays information such as the caller’s number and name with each call. However, there are techniques, especially in Voice over IP (VoIP) networks, that allow hackers to modify caller ID information to present false names and numbers. The call may appear as though it’s coming from someone you know, like a colleague, someone on your contact list, a company, or a brand you trust, in an effort to persuade you to pick up the phone.
When you answer, cybercriminals use social engineering tactics to keep you on the phone so they can trick you into acting.
In 2009, a vindictive Brooklyn woman, Kisha Jones, spoofed the doctor’s office of her husband’s pregnant mistress Monic Hunter.
Kisha used software that enabled her to adopt the doctor’s caller ID and disguise her voice. She also obtained a forged prescription, then called Hunter and pretended to be her doctor’s assistant in order to get her to take Cytotec – a labor-inducing drug – causing her to go into early labor.
Kisha was given a two-year sentence.
#2. Email spoofing
This involves forging an email header (the From field) in the hopes of duping the recipient into thinking the email originated from somewhere or someone they know or trust. Email spoofing preys on the user’s trust and naivety in order to trick them into opening malware attachments, clicking spoofed links, sending sensitive data, and even wiring corporate funds.
In April 2015, an executive at Mattel, the maker of Barbie dolls, was tricked into wiring $3 million to an account in China following a spoofed email. The email appeared to have been sent by the CEO, Christopher Sinclair (who had officially taken over only that month), requesting a new vendor payment to China. Hours later, the defrauded executive mentioned the payment to Sinclair, but he denied having made such a request.
#3. Website spoofing
Website spoofing involves designing bogus websites to resemble a trusted website with the intention of misleading visitors to the spoofing site. The spoofed website normally adopts the legitimate logo, font, and colors of the target legitimate website, and it sometimes has a similar URL to make it look realistic.
Cybercriminals use spoofed websites to steal credit card information, capture your username and password (login spoofing) or drop malware onto your device.
#4. IP spoofing
IP spoofing involves the creation of IP packets with a modified source IP address in order to hide the identity of the sender or to impersonate a computer system.
Simply put, networked computers and other devices communicate by sending and receiving IP packets. Each IP packet has a header that contains important routing information, including the source IP address and the destination IP address. In an IP spoofing attack, the hacker modifies the source IP address in the packet header to make the receiving device think the packet is from a trusted source and accept it.
#5. DNS server spoofing
DNS server spoofing is a type of cyber-attack in which altered DNS records are used to divert online traffic to the hacker’s server instead of the actual server. When you type a web address into your browser, the Domain Name System (DNS) quickly finds the IP address that matches the domain name you entered and directs you to it. Hackers have found ways to compromise this system and redirect your traffic to malicious websites.
The goal of DNS server spoofing is to trick users into entering their personal information into what they believe to be their accounts but are actually fraudulent accounts. From there, cybercriminals are primed to steal data, perform phishing attacks, or inject malware giving them long-term access into the victim’s device.
In March 2006, cybercriminals were able to carry out a DNS spoofing attack after compromising servers run by an internet service provider that hosted three banks’ websites. Premier Bank, Wakulla Bank, and Capital City Bank were among the banks affected; all of which are small regional banks situated in Florida.
The hackers created replicas of legitimate bank sites and redirected traffic from the bank’s websites to their spoofing servers. Once on the spoofed websites, visitors were then asked to enter credit card numbers, PINs, and other types of sensitive information. This spoofing attack worked even on users who had typed in the correct URL of the affected banks.
#6. ARP spoofing
ARP spoofing is a type of cyber-attack that enables hackers to intercept communication between devices. In an ARP spoofing attack, cybercriminals send falsified Address Resolution Protocol (ARP) messages over a local area network (LAN) in order to link their MAC (Media Access Control) address to the IP address of a legitimate machine or server on the network. As a result, the hackers are able to receive any data that is intended for that IP address. From there, they can manipulate or modify parts of the data so that the recipient can’t see them. Some hackers will also stop the data in transit, thus preventing it from reaching the recipient.
How to Detect Spoofing?
Depending on the type, spoofing can be anywhere from very easy to extremely difficult to detect.
For instance, email spoofing is effortless to spot. You can check the email address of the sender, and 9 out of 10 times, it will give away the malicious attempt. There might be slight changes in the official domain name, or it may indicate a misspelled version of the brand name. Moreover, the domain extension can be something other than what the brand really controls.
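The sender-address check described above can be automated. The following is an added example, not part of the original article: it compares the domain in a From header against a list of trusted domains and flags a changed extension or a one- or two-character misspelling. The trusted domains, the threshold of 2 and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains the organisation really sends mail from (constructed values).
TRUSTED_DOMAINS = ("example.com", "example-bank.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Classify the From address as trusted, tld-swap, lookalike or unknown."""
    _display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return "unknown"
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    name, _, tld = domain.rpartition(".")
    for good in TRUSTED_DOMAINS:
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return "tld-swap:" + good       # right brand name, wrong extension
        if edit_distance(domain, good) <= 2:
            return "lookalike:" + good      # one or two characters changed
    return "unknown"

# Constructed From headers, not taken from real mail.
SAMPLES = [
    "CEO <ceo@example.com>",
    "CEO <ceo@examp1e.com>",
    "Billing <billing@example.co>",
    "Bob <bob@unrelated.org>",
]

def scan(headers):
    """Map each header to its classification."""
    return {h: classify_sender(h) for h in headers}
```

A "trusted" result only means the domain is spelled correctly; a From field forged to the exact trusted domain passes this check and has to be caught by the receiving server's SPF, DKIM and DMARC results.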
On the other hand, caller ID spoofing is hard to detect without picking up the phone. In this case, one should always remain alert and avoid playing into the caller’s hands. Such bad actors may ask for your personally identifiable information, like credit card numbers, national ID card numbers, etc. The savior here: learn to say NO and hang up.
In case of website spoofing, the best way is to look out for any browser warnings.
Most modern browsers (Edge, Chrome, Firefox, etc.) will alert you in case they detect anything unusual. In addition to this, a user should ensure there is a padlock in the URL bar, check for the correct URL spelling, and watch out for any design discrepancies.
The thing is, web design is tough and takes time. And irrespective of how good a bad actor is, generally, they fail at creating their parody websites to perfection. There might be inconsistencies like spelling mistakes, word repetition, or anything else that signals an anomaly. And don’t just check the page you landed on. Instead, click a few links and scan through the content to catch the subpar work. Additionally, the best thing is to head over to Google or Bing search and see if the same URL is ranking in search results.
However, things aren’t as straightforward for ARP spoofing. You need the expertise to use network scanning tools such as ARP scan to detect ARP poisoning. There are also automated tools like ManageEngine OpUtils that alert you in case the ARP cache is compromised.
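One way to check an ARP cache for signs of poisoning, shown as an added example that is not part of the original article and is not how the tools named above work internally. It parses neighbour-table text in the format printed by `ip neigh show` on Linux and reports a critical IP whose MAC differs from a recorded baseline, and any MAC that answers for more than one IP. The sample table and baseline are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the format printed by `ip neigh show` on Linux.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr de:ad:be:ef:00:66 REACHABLE
192.168.1.10 dev eth0 lladdr 52:54:00:aa:bb:10 STALE
192.168.1.66 dev eth0 lladdr de:ad:be:ef:00:66 REACHABLE
192.168.1.20 dev eth0 FAILED
"""

# Assumption: MACs recorded for critical hosts while the network was known-good.
BASELINE = {"192.168.1.1": "52:54:00:aa:bb:01"}

LINE_RE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+) lladdr (?P<mac>[0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for every resolved entry; unresolved lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries[m["ip"]] = m["mac"].lower()
    return entries

def find_arp_anomalies(text, baseline):
    """Return a list of findings as tuples, most specific first."""
    entries = parse_neigh(text)
    findings = []
    # 1. A baselined host (for example the gateway) now resolves to another MAC.
    for ip, known in sorted(baseline.items()):
        seen = entries.get(ip)
        if seen and seen != known.lower():
            findings.append(("baseline-mismatch", ip, seen))
    # 2. One MAC claims several IPs. This can be legitimate (multi-homed
    #    routers, proxy ARP), so treat it as a lead to investigate.
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared-mac", mac, sorted(ips)))
    return findings
```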
Similarly, IP spoofing is not something an end user can pinpoint, and it should be taken care of at the network level itself. In short, tools designed to monitor IP packet headers can check whether data packets really come from the source they claim. They use incoming and outgoing packet filtering to only allow the sources listed as safe.
Likewise, DNS spoofing is the most powerful way to mislead a visitor to parody websites. And there is nothing you can do if the website design is perfect. This is where you enter the correct URL and still land at unwanted destinations because of poisoning at DNS servers or at your local device.
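The incoming and outgoing filtering described above, as an added example that is not part of the original article. It reads the source address out of a raw IPv4 header and applies two rules: packets arriving from the internet must not claim an internal or non-routable source, and packets leaving the LAN must carry a source from the LAN's own prefix. The prefix `10.20.0.0/16`, the interface names `wan` and `lan`, and the sample headers are assumptions.

```python
import struct
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.20.0.0/16")   # assumption: the protected LAN
NEVER_FROM_OUTSIDE = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private ranges
    "127.0.0.0/8", "169.254.0.0/16")]                 # loopback, link-local

def sample_header(src, dst):
    """Constructed 20-byte IPv4 header for the checks below (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ip_address(src).packed, ip_address(dst).packed)

def parse_src_dst(header):
    """Extract source and destination from bytes 12-15 and 16-19 of the header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return ip_address(header[12:16]), ip_address(header[16:20])

def filter_packet(header, arriving_on):
    """Return 'accept' or 'drop' for a packet seen on the 'wan' or 'lan' side."""
    src, _dst = parse_src_dst(header)
    if arriving_on == "wan":
        # Ingress: nothing from outside may claim to be one of our own hosts
        # or use an address that is never routed on the public internet.
        if src in INTERNAL_NET or any(src in n for n in NEVER_FROM_OUTSIDE):
            return "drop"
        return "accept"
    if arriving_on == "lan":
        # Egress: our hosts may only send with a source from our own prefix.
        return "accept" if src in INTERNAL_NET else "drop"
    raise ValueError("unknown interface: " + arriving_on)
```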
Consequently, there isn’t a catch-all method to check if you’re being spoofed. The best bet is to practice good internet hygiene, such as:
Don’t visit malicious websites
Respect browser warnings
Never open suspicious email attachments
Use premium antivirus with internet security
Respect your instincts
Change the default password on your router to prevent DNS alteration
Best Ways of Preventing Spoofing Attacks
Below are some of the things that you can do to be more proactive in protecting your network and devices from spoofing attacks.
#1. Use an Antivirus
Antivirus software installed on your devices will protect you from spoofing threats. Antivirus software scans your computer for files, programs, and apps and matches them to known malware kinds in its database.
Antivirus also checks your computer in real-time for activities that could indicate the presence of new, unknown threats. If it identifies code that is identical or similar to known malware in its database, it quarantines or removes it.
#2. Install a firewall
Most antivirus software includes a firewall that protects your network by keeping unwanted intruders out. A firewall monitors and filters all traffic entering and exiting your computer or network. If an email, web address, or IP address is flagged and determined to be spoofed, the firewall blocks it from entering the network or reaching your computer.
#3. Use 2FA for your login
You can use 2-Factor authentication as an additional protection measure to protect your online accounts from being accessed by unauthorized individuals. 2FA uses a combination of two different methods of authentication, commonly something you own (your phone or bank card), something you know (a password or PIN), or something you have (fingerprint, iris scan, voice pattern, or a token).
If hackers get a hold of your password through a spoofing attack, they’d still be required to use a second authentication method before your account can be accessed. That could be your fingerprint which they don’t have access to.
#4. Avoid emails and calls from untrusted sources
Always verify the email sender address because sometimes addresses will be spoofed by changing one or two letters. You should also be on the lookout for emails with:
Poor spelling because they often indicate that the sender is not who they claim to be.
Unusual sentence structure or turns of phrase.
An urgent tone. If the boss emails you, urgently requesting that you pay an invoice into a new account, check the email header immediately. This could be a spoof email.
Calls from unknown numbers should never be answered. If you receive a call from someone claiming to represent a company or a government organization asking you to, say, pay for a service, hang up and call the phone number listed on the company’s website to verify the authenticity of the request.
#5. Use a Secure Browser (or Harden Your Browser)
Always use a secure browser or consider installing browser plugins that increase online safety. A secure browser ensures the pages you visit are loaded over HTTPS and not through other schemes like HTTP, .exe, file: or ftp.
Always look for the “lock” symbol in the browser. A secure site always has a closed golden padlock in the URL bar. And beware of unusually slow network traffic, unusual banner ads, changes in website layout, or any cosmetic difference in a website that could indicate that it’s a fake site using DNS spoofing.
#6. Use virtual private networks (VPN)
VPN services provide you with an encrypted tunnel for all of your online traffic as well as access to private DNS servers that only accept end-to-end encrypted requests.
By encrypting data before it is sent and authenticating data as it is received, a VPN creates secure communications protocols. As a result, your servers will be far more resistant to DNS spoofing and requests will not be interrupted.
Final Words
We are more dependent on the internet for our daily tasks, and that increases the threat of spoofing attacks. Keep your computer and phones safe, even if it means spending a few dollars to purchase licensed antivirus software. A little extra care can protect us from huge losses and regret.