Spoofing occurs when malicious actors and cybercriminals act as trusted human contacts, brands, organizations, as well as other entities or devices so that they can access systems and infect them with malware, steal data, and otherwise cause harm and disruption. At its core, spoofing is any action where a scammer disguises their identity to gain trust or bypass normal access rules.
Spoofing can range from simple to complex, with attempts made through emails, websites, and phone calls, all the way to attempts to trick unsuspecting networks by spoofing Domain Name System (DNS) servers and Internet Protocol (IP) addresses. Many spoofing attacks come through attempts at social engineering, which involves manipulating and tricking unsuspecting users into giving away vital information like passwords and bank information.
What Is Spoofing and How Does It Work
Spoofing works by using various high-tech and low-tech tactics to convince the end-user to divulge sensitive information or take a particular action (like clicking a link or downloading a file) that enables the cybercriminal to damage systems or steal information. While not an advanced persistent threat (APT), various types of spoofing may be employed as a part of more coordinated, ongoing attacks. Below are the various types of spoofing that cybercriminals use.
Various Types of Spoofing
Email Spoofing
Email spoofing happens when the sender uses a fake email address to conduct criminal activity. This can be anything from sending attachments that, when downloaded, install ransomware or other malware that spreads across an entire network, to convincing the end-user to send money or sensitive financial information. Much like phishing and other social engineering, email spoofing uses emotionally manipulative tactics like creating fear or urgency to make the end-user take quick action.
Email spoofing is one of the most common forms of this attack and is highly effective. That's because cybercriminals disguise the emails to look like they’re from an organization that the end-user trusts. Or, they disguise the “From” field to mimic that of someone on the recipient’s contacts list. It can take a savvy email user to detect the forgery and not engage with the message by opening or downloading an attachment.
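The "From" field checks described above can be automated. The following is an added example, not part of the original article: the contact list, trusted domain, sample messages and the 0.85 similarity threshold are all constructed assumptions.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Hypothetical address book: display name -> known-good address (constructed).
CONTACTS = {"Dana Reyes": "dana.reyes@example.com"}
TRUSTED_DOMAINS = {"example.com"}

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def from_header_findings(raw_message):
    """Return a list of reasons the From header looks forged (empty if none)."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    dom = domain_of(addr)
    findings = []
    # 1. Display name matches a contact but the address is not theirs.
    known = CONTACTS.get(name.strip())
    if known and known.lower() != addr:
        findings.append("display-name-mismatch")
    # 2. Domain is a near miss of a trusted domain (assumed threshold: 0.85).
    for good in sorted(TRUSTED_DOMAINS):
        ratio = difflib.SequenceMatcher(None, dom, good).ratio()
        if dom != good and ratio >= 0.85:
            findings.append("lookalike-domain:" + good)
    # 3. Replies are routed to a different domain than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != dom:
        findings.append("reply-to-domain-differs")
    return findings

# Constructed sample messages (not real traffic).
SPOOFED = (
    "From: Dana Reyes <dana.reyes@examp1e.com>\n"
    "Reply-To: billing@mail-relay.invalid\n"
    "Subject: Urgent: invoice overdue\n\nPlease pay today.\n"
)
GENUINE = (
    "From: Dana Reyes <dana.reyes@example.com>\n"
    "Subject: Lunch?\n\nNoon works.\n"
)

if __name__ == "__main__":
    print(from_header_findings(SPOOFED))
    print(from_header_findings(GENUINE))
```

A message that forges the contact's exact address passes these header-only checks; catching that case depends on the receiving mail server's SPF, DKIM and DMARC results.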
Caller ID Spoofing
Caller ID spoofing is when the attacker calls someone and deliberately sends false information to change the caller ID. VoIP (Voice over Internet Protocol) is the vehicle of choice for most caller ID spoofing attempts because the service uses the internet to send and receive calls. The attacker can then use VoIP to choose a phone number or display a name on the caller ID that looks familiar or from a region the caller won’t consider suspicious.
As with email spoofing, the next step of caller ID spoofing requires social engineering techniques to trick the person on the other end into providing information or taking an action that helps the criminal carry out their attack.
Text Message Spoofing
Also referred to as SMS spoofing, text message spoofing occurs when the text message sender uses fake display information to hide their identity and trick recipients into performing an action. They’re able to do so by using an alphanumeric sender ID, which may not seem too suspicious since legitimate companies do the same thing for marketing purposes. However, scammers will include links to SMS phishing websites or malware downloads in their text messages.
Website Spoofing
Website spoofing is the act of making a fake, malicious website look legitimate and safe. Cybercriminals typically disguise it using familiar brand logos, colors, and layouts so that the fake webpage very closely resembles that of a website you visit often or from a company you trust.
Attackers will often pair website spoofing with email spoofing by delivering the website link via email, typically sending the end user to a spoofed login page that collects user names, passwords, and other personal information, or by dropping malware onto the end user’s computer.
IP Address Spoofing
IP spoofing involves hiding or impersonating another computer system or mobile device by creating Internet Protocol (IP) packets with a modified source address. Since IP packets are the primary vehicle that networked computers and devices use to communicate, the intent of IP spoofing is generally a DDoS (distributed denial of service) attack. These overwhelm the targeted network with traffic until it shuts down. In other scenarios, the cybercriminal simply wants to hide their location from the recipient; this approach can be used with email spoofing or website spoofing to add more legitimacy to the attack.
DNS Spoofing
Domain Name System (DNS) spoofing occurs when an attacker alters DNS records and uses them to redirect online traffic to a fake website that poses as the intended website. Also referred to as DNS cache poisoning, DNS spoofing involves replacing the IP addresses stored in the DNS server with the cybercriminal’s fake IP addresses. The ultimate goal of the attack is to guide the end user to a fake and potentially harmful website.
GPS Spoofing
When attackers use GPS spoofing, they send a fake GPS signal to a GPS receiver. The receiver that’s been tricked then sends fake location data to other impacted GPS devices. Since mobile devices rely heavily on GPS services, they’re particularly susceptible to this kind of cyber attack. More serious GPS spoofing attacks can involve in the area to show an incorrect location. Cybercriminals use GPS spoofing to gain control of vehicles, boats, drones, and anyone relying on a navigation system. GPS spoofing is an advanced tactic that can be used to hijack drones or ships and to interfere with military navigation systems.
ARP Spoofing
One of the more sophisticated cyberattacks, Address Resolution Protocol (ARP) spoofing happens when the attacker connects his Media Access Control (MAC) address to the targeted IP address. Once connected, the criminal can intercept, modify, or steal data meant for the targeted IP address. ARP spoofing can be used for denial-of-service attacks or even system hijacking schemes.
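Because ARP spoofing ties the attacker's MAC address to someone else's IP address, it shows up as an IP-to-MAC binding that changes or as one MAC answering for several IPs. The following detection sketch is an added example, not part of the original article; the observation format, alert names and sample addresses (documentation ranges) are constructed assumptions.

```python
from collections import defaultdict

def normalize_mac(mac):
    """Canonical form so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    return mac.lower().replace("-", ":")

def detect_arp_anomalies(observations, static_bindings=None):
    """observations: iterable of (timestamp, ip, mac) taken from ARP replies.
    Returns a list of (timestamp, kind, detail) alerts."""
    pinned = {ip: normalize_mac(m) for ip, m in (static_bindings or {}).items()}
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in observations:
        mac = normalize_mac(mac)
        # A pinned address (e.g. the gateway) must never be claimed by another MAC.
        if ip in pinned and mac != pinned[ip]:
            alerts.append((ts, "pinned-ip-claimed", f"{ip} claimed by {mac}"))
        # Otherwise, a binding that changes after first sight is suspicious.
        elif ip in ip_to_mac and ip_to_mac[ip] != mac:
            alerts.append((ts, "binding-changed", f"{ip}: {ip_to_mac[ip]} -> {mac}"))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        # One MAC answering for several IPs is consistent with interception.
        if len(mac_to_ips[mac]) > 1:
            alerts.append((ts, "mac-multiple-ips", f"{mac}: {sorted(mac_to_ips[mac])}"))
    return alerts

# Constructed observations: host .66 starts answering for the gateway at t=5.
OBSERVATIONS = [
    (1, "192.0.2.1", "00:00:5E:00:53:01"),   # gateway
    (2, "192.0.2.20", "00:00:5e:00:53:20"),
    (3, "192.0.2.66", "00:00:5e:00:53:66"),
    (4, "192.0.2.1", "00-00-5E-00-53-01"),   # same MAC, different notation
    (5, "192.0.2.1", "00:00:5e:00:53:66"),
]

if __name__ == "__main__":
    for alert in detect_arp_anomalies(OBSERVATIONS, {"192.0.2.1": "00:00:5e:00:53:01"}):
        print(alert)
```

DHCP lease changes and multi-address hosts also trigger these alerts, so pinning the gateway and other critical addresses gives the most reliable signal.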
Extension Spoofing
Today’s average computer or mobile device users know not to install executable files, especially those received from unknown and unverified sources. Cybercriminals use extension spoofing to trick end users into installing executable malware files by disguising the true file type. For instance, a malicious file may be named report.doc.exe. However, the fake file name only shows up as report.doc in the user’s email.
Cybercriminals know that people have been warned against installing executables, so extension spoofing makes it easier to convince them to download and install attachments. The cybercriminal may disguise a malware executable with a spoofed extension such as doc.exe. Because Windows hides file extensions by default, the file displays in the email as newfile.doc. The unsuspecting recipient is then more likely to download and install the file.
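A mail gateway or triage script can catch this by comparing a file's real final extension with the name the user would see. The following is an added example, not part of the original article; the extension lists are a partial, assumed set, and the sample names other than report.doc.exe are constructed.

```python
import os

# Extensions Windows will execute or interpret when double-clicked (subset).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi", ".lnk"}
# Document and image types commonly used as the visible decoy (assumed list).
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

def classify_attachment(filename):
    """Return (verdict, shown_as) for an attachment file name.

    shown_as is what the user sees when the final extension is hidden.
    """
    name = filename.strip()
    shown_as, real_ext = os.path.splitext(name)
    real_ext = real_ext.lower()
    # Ignore whitespace padding placed before the final extension.
    shown_as = shown_as.rstrip()
    decoy_ext = os.path.splitext(shown_as)[1].lower()
    if real_ext in EXECUTABLE_EXTS and decoy_ext in DECOY_EXTS:
        return "spoofed-extension", shown_as
    if real_ext in EXECUTABLE_EXTS:
        return "executable", shown_as
    return "ok", shown_as

def flag_attachments(filenames):
    """Keep only the names that should be quarantined or held for review."""
    flagged = {}
    for fn in filenames:
        verdict, shown_as = classify_attachment(fn)
        if verdict != "ok":
            flagged[fn] = (verdict, shown_as)
    return flagged

# Sample attachment names; report.doc.exe is the article's example,
# the rest are constructed.
SAMPLES = ["report.doc.exe", "newfile.doc.exe", "Q3-summary.PDF.Scr",
           "setup.exe", "minutes.docx", "backup.tar.gz"]

if __name__ == "__main__":
    for fn, (verdict, shown_as) in flag_attachments(SAMPLES).items():
        print(f"{fn!r}: {verdict}, displayed as {shown_as!r}")
```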
What Is Spoofing and How to Protect Against Spoofing Attacks
The first and most important step to protect against spoofing attacks is to be on the lookout for obvious signs of spoofing. One of the most common signs is websites, emails, or other communications with poor spelling or grammar. Also, be sure to examine the colors, font, and logos of websites and emails that appear to be from trusted companies and brands. Other ways to protect against spoofing are:
- Install malware protection and anti-spam software
- Only visit websites with a valid security certificate (https:// at the beginning of the URL)
- Hover over a URL before clicking it to make sure that its destination is a trusted source
- Use spam filters to prevent malicious emails from making it to your inbox
- Examine the email sender’s email address to be sure there isn’t misspelled or otherwise incorrect text before the email domain (the domain is the information after the @ symbol)
- Don’t click on links or open attachments from unknown senders or unfamiliar domains
- Choose strong passwords, and use two-factor authentication when possible
- Regularly update all applications, operating systems, browsers, network tools, and internal software to ensure you’ve installed the most recent, secure version
- Use real-world scenarios to educate employees on how to avoid falling prey to social engineering
What Is Spoofing: How to Know if You’re Being Spoofed
For websites, poor spelling and grammar, contact forms that ask for personal or sensitive data, and broken links are all clues that you're being spoofed. Also, websites without a padlock in the URL bar, or with http instead of https, may be spoofed.
For emails, if a message contains misspellings, unfamiliar language and grammar, as well as unrecognizable embedded links or attachments, chances are you’re being spoofed. Also, social engineering tactics like creating a sense of urgency or instilling fear are clues that a message may be an email spoof.
For Caller ID spoofing and text message spoofing, unknown and blocked phone numbers, or calls and texts that seem to show up on repeat are all signs.
How Phishing Simulations Help Defend Against Spoofing
Phishing simulations are a great way to help protect organizations from spoofing. Since many forms of spoofing involve phishing and other social engineering, simulating the attacks is an effective way to train employees by using attacks that look like real-world spoofing.
Spoofing vs Phishing — What’s the Difference?
To answer the question of what spoofing is, there are two main differences between spoofing and phishing you need to understand. First, spoofing involves a cybercriminal stealing an identity and posing as a legitimate user, whereas phishing involves malicious actors stealing sensitive information of the user like bank account details. Secondly, spoofing requires the end user to download a malicious file, whereas phishing attacks are a form of social engineering and usually include a link to a fake website where the end-user may be tricked into providing sensitive data. While they’re not the same thing, cybercriminals may use phishing as part of their spoofing attack.
Stay Ahead in Cybersecurity
Simplilearn’s Post Graduate Program in Cyber Security is designed to help students learn comprehensive approaches to protecting infrastructure and securing data, including risk analysis and mitigation, cloud-based security, and compliance. Graduates complete the program with industry-leading practices and with skills ranging from foundational to advanced that prepare them to succeed in cyber security roles across any industry.