What is spoofing?
As it pertains to cybersecurity, spoofing is when a person disguises themselves as a trusted source to gain access to important or sensitive data. The person typically impersonates a well-known contact or brand in order to gain the victim’s trust and obtain their personal information.
Spoofing attacks can happen through websites, emails, phone calls, text messages, IP addresses, and servers. For example, a spoofing attack may look like an email from PayPal or Amazon inquiring about a purchase you made. But this email isn’t really from PayPal or Amazon, and you never really made the purchase. However, since you trust those big-name companies, and you’re worried about your account, you click the included link.
That link is a malicious link. It can download malware on your computer or send you to a fake login page (that looks very similar to an authentic login page) and have you enter in your credentials or payment information. The scammer now has your username and password.
There are a lot of different types of spoofing, but almost all of them rely on the victim being naive to a cybercriminal’s schemes.
Types of spoofing attacks
Email spoofing occurs when an attacker creates and sends an email from a false sender address that their intended victim will recognize, such as one belonging to their bank. This is typically part of a phishing attack designed to lead the victim to click a link or download an attachment. That can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or a redirect to a malicious website disguised as a legitimate site, where the victim enters personal information. The results can include large unauthorized purchases, identity theft, and the stealing of funds. Commonly requested actions in a phishing scam include:
- Clicking an attachment
- Enabling macros in a Microsoft Word document
- Updating a password
- Downloading a file
- Responding to a social media connection request
- Using a new Wi-Fi hotspot
In corporate settings, an attacker may impersonate high-ranking executives or leaders and request sensitive information from employees.
A spoofed email will have some red flags. For example, a spoofed email from Facebook may have an email address that appears to be from Facebook, but the body of the message is written in basic text, and there are no designs, logos, or buttons present—which isn’t typical of Facebook emails. Spoofed emails will include a combination of these features to look out for:
- False sender address: Designed to look like it’s from someone you know and trust. For example, a real PayPal email address will look like [email protected], but the false sender will look like [email protected]
- Personalization: In the case of corporate email spoofing, the email may include familiar branding such as logos, colors, fonts, etc. In addition, the email may include personalized language and address the victim by name.
- Typos: A typical spoofed email will be riddled with typos or appear as though the email has been translated through Google Translate. The wording will be disjointed or not make much sense. An example:
Greetings of the day,
If you please, clikc on this data attachment and make sure ths data is well and good.
Website spoofing is when an attacker makes a dangerous website look like a safe one, using legitimate and familiar fonts, colors, and logos. When a victim logs into this account, the attacker obtains the credentials.
A spoofed website is typically used in conjunction with a spoofed email by including the link to the website in the email. The site’s copy will say that your account has been locked (or something similar) and request you to unlock it by verifying your credentials.
Malicious spoofers will sometimes use a cloaked URL, which redirects the victim through the spoofer’s own system to collect the victim’s personal information. This URL can be disguised by inserting special control characters that contain a different meaning from what the user sees.
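The red flags described above (a false sender address, a link whose visible text names one site while its destination is another, and control characters hidden in a URL) can be checked mechanically. The following Python code is an added example, not part of the original article; the brand allow-list, the function names, and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed allow-list: brand name -> domains it really sends from.
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "amazon": {"amazon.com"}}
# Simplified <a href="...">text</a> matcher; use a real HTML parser in production.
LINK = re.compile(r'<a\s[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
# Raw or percent-encoded ASCII control characters inside a URL.
CONTROL = re.compile(r"[\x00-\x1f\x7f]|%[01][0-9a-f]|%7f", re.I)
DOMAIN = re.compile(r"([a-z0-9-]+\.)+[a-z]{2,}")

def in_domains(host, allowed):
    """True if host equals, or is a subdomain of, an allowed domain."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def spoof_flags(raw_email):
    """Return red flags for a single-part, unencoded HTML message."""
    msg, flags = message_from_string(raw_email), []
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2]
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name.lower() and not in_domains(sender, domains):
            flags.append(f"display name claims {brand}, sender domain is {sender}")
    for href, text in LINK.findall(msg.get_payload()):
        if CONTROL.search(href):
            flags.append(f"control character in link {href!r}")
        shown = DOMAIN.search(text.lower())
        real = urlsplit(href).hostname or ""
        claimed = re.sub(r"^www\.", "", shown.group(0)) if shown else ""
        if claimed and not in_domains(real, {claimed}):
            flags.append(f"link text shows {claimed}, href goes to {real}")
    return flags

# Constructed sample message (not a real email).
SAMPLE = """From: "PayPal Support" <service@paypa1-billing.example>
Subject: Your account has been locked
Content-Type: text/html

<p>Greetings of the day,</p>
<a href="http://login.paypa1-billing.example/verify">https://www.paypal.com/signin</a>
<a href="http://login.paypa1-billing.example/%0Dunlock">Unlock account</a>
"""

if __name__ == "__main__":
    for flag in spoof_flags(SAMPLE):
        print(flag)
```

The link check is the programmatic version of hovering over a link: it compares the domain the reader sees with the host the browser would actually contact.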
IP spoofing happens at a deeper level of the internet than email spoofing. It’s used when an attacker wants to hide or disguise the location from which they’re sending or requesting data online and can give the attacker access to networks that authenticate users based on their IP address.
IP spoofing is used particularly in DDoS attacks, in which multiple compromised systems are used to target a single system. These types of attacks can cause significant, widespread damage because they usually impact the entire infrastructure and create disruptive, expensive downtimes. It’s easier to block traffic from a single IP address, but with IP spoofing, hackers can make traffic appear as though it’s coming from multiple sources, making it difficult for the target to respond.
Also referred to as DNS cache poisoning, Domain Name Server (DNS) spoofing is a form of computer security hacking in which false information is placed in a DNS resolver cache. Altered DNS records are used to redirect online traffic to a fraudulent website that resembles its intended destination.
With DNS spoofing, unsuspecting victims end up on malicious websites. Once there, victims are prompted to log into their account (or a false version of it), giving the attacker the ability to steal their credentials and other types of sensitive information. The malicious website is also used to install worms or viruses on a victim’s computer, giving the attacker long-term access to both the computer and the data it stores.
Also known as geo-spoofing, GPS spoofing is the process of hiding a true location by making a device appear to be in a different location than it really is. The user can change locations or countries to be in the location of their choosing. GPS spoofing is used to access blocked content, apps, and streaming services, protect a user’s privacy, or to simply conceal a location to avoid detection.
For geo-spoofing to work, a user has to change their IP address. To do this, the most popular method is to use a Virtual Private Network (VPN) to fake a location. Similar to a proxy server, a VPN will make it look like traffic is coming from a different location with a new IP address. Any mobile app that relies on location data from a smartphone could be a target for this type of attack.
Address Resolution Protocol (ARP) spoofing allows an attacker to infiltrate a local area network (LAN) by disguising their computer as a network member. Scammers will use ARP spoofing to steal information via man-in-the-middle attacks, in which a scammer intercepts a conversation and impersonates both participants to collect the information being transmitted between the two parties.
Caller ID spoofing
With caller ID spoofing, an attacker makes it appear as if their phone call is coming from a specific number—either one that is known and trusted to the victim, or one that indicates a specific geographic location or local area code.
Most caller ID spoofing happens using a Voice over Internet Protocol (VoIP) service that allows scammers to create a phone number and caller ID name of their choosing. Once the victim answers the phone, the attacker attempts to get them to divulge sensitive information.
Spoofing vs phishing
In some cases, particularly with email, spoofing is an interchangeable term for phishing. Email spoofing simply refers to a type of phishing attack.
In the simplest form, phishing aims to take hold of personal information by convincing the user to provide it directly. Spoofing aims to steal or disguise an identity so that a scammer can conduct malicious activities. Both tactics use a level of disguise and misrepresentation.
The only difference between the two lies in the purpose. The primary purpose of spoofing is identity theft, whereas the primary purpose of phishing is to obtain sensitive information. When spoofing and phishing work in tandem, the threat is easier to fall victim to. Many phishers use spoofing to trick their victims into believing their email is legitimate. This kind of social engineering is how phishing scams convince users to disclose their personal information.
History of spoofing
The noun and verb spoof refer to trickery and deception. According to the Merriam-Webster dictionary, the origin of the word is traced back to 19th-century English comedian Arthur Roberts.
Roberts created a game of trickery and deception called Spoof (both the rules and the game itself have been lost to time). In the early 20th century, spoof became synonymous with parody. And while spoofing still references something funny and positive, it also relates to cybercrime.
How to prevent spoofing
The best way to protect against spoofing is to be vigilant in identifying a spoofing attack and knowing what it looks like. Follow these tips to protect yourself against spoofing:
- Turn on your spam filter if you haven’t already. This will stop a majority of spoofed emails from making it into your primary inbox.
- Don’t click suspicious links. Hover over links to ensure that the destination is the correct one. If possible, navigate to the intended site by using a search engine instead of clicking on the link.
- Don’t open attachments you didn’t expect to receive.
- Hide your IP address. This can be done using a VPN to create a separate secure tunnel between your device and the website you’re accessing.
- Set up two-factor authentication to add another layer of security to your passcodes.
- Invest in cybersecurity software, such as antivirus software. This is one of the best ways to defend yourself or your business against spoofing.
- Don’t give out personal information unless you’re sure it’s a trusted source.
- Don’t use the same password for multiple accounts. Set up unique alphanumeric passwords for every new account, making it more difficult for scammers to access your account.