Fraud is almost as old as humanity itself: there have always been scammers who try to take advantage of the inexperience, ignorance and naivety of others. Today’s cheaters are certainly a match for the cheaters of the past.
Nowadays, scammers combine ancient deceptions with modern technology to create an unprecedented monster, spoofing. The Merriam-Webster American dictionary defines “spoofing” as “the act of making good fun of a particular topic,” but there is nothing funny about online spoofing.
Spoofing, in the language of computer science, literally means deception.
Scams have existed, so to speak, since the dawn of time and in the era of digitization, they have also spread to the virtual world. In this context, the spoofing attack technique was born and developed, which generally indicates illegal behavior.
To explain what it is, we will ask you a question:
Do you know when a person pretends to be someone they are not in order to steal something from you?
Well, that’s roughly the logic of spoofing. The hacker who uses spoofing is the one who pretends to be someone else to gain access to sensitive information.
Spoofing techniques usually exploit some technologies present in the company including: communication systems via e-mail, phone calls, IP addresses, corporate websites or even through instant messaging services (SMS).
For the success of a spoofing attack against a natural person, the hacker uses social engineering to empathize with his victim, exploit his weaknesses and strike without restraint.
By definition, spoofing is an attack technique that manipulates data transmitted within a network or in a communication process in order to obtain unauthorized access to a system, to transmit infected files or, even more simply, to obtain sensitive data from the other party.
Summary: Spoofing is a form of impersonation in which an unknown sender pretends to be a known sender and is trusted by the recipient. Hackers rely on spoofing to access their victims’ sensitive data or to use their computational resources to carry out cyber-attacks. Read on to find out the main types of spoofing attacks.
What is Spoofing?
Just like real-world scammers, online thieves use impersonation to steal sensitive and important information or to gain access to bank accounts. This practice is called spoofing.
Spoofing is fraud in which an unknown sender pretends to be a known sender, trusted by the recipient. A spoofing attack occurs when a person (spoofer) pretends to be someone else in order to trick their target into sharing their personal data or taking an action on behalf of the spoofer.
Generally, the spoofer will take all the time necessary to build a relationship of trust with their target, so that the latter is more likely to share their sensitive data.
The term “Spoofing” derives from the English language and refers to anything that involves cheating or deception.
The English word spoof dates back to about a century ago. However, today it is used almost exclusively in the IT world to talk about a particular type of cyber-crime. In general, we talk about spoofing whenever a scammer hides his identity.
Spoofing can take place on many communication channels and requires very different levels of technical skills. To be successful, a spoof attack must use some social engineering techniques.
This means that the scammers study the victim to customize the attack and make it more effective. Social engineering relies on the weak points of the human character, for example on fear (see the scams related to the coronavirus), on the victim’s naivety or on his greed.
One of the oldest email scams in the world is the one featuring an elusive millionaire residing in an exotic country who needs a “business partner” to deliver a large wire transfer to the destination country. This scam is based on the recipient’s greed and naivety.
Fortunately, with the passage of time, computer maturity has increased and fewer and fewer people fall into these traps.
Consequently, scammers are always looking for new categories of vulnerable people, such as the elderly or, conversely, the very young. In general, however, we speak of social engineering when the scam involves a certain level of sophistication and personalization, taking the name of spear phishing.
In principle, spoofing attacks aim to convince the victim to take an action, to consider information as true or to recognize the authority of a source. If this sounds abstract to you, here are two common examples outside the virtual world:
The “false promise of marriage”: to gain access to the victim’s financial assets, the scammer pretends to be a loving spouse.
The “false nephew”: the scammer telephones an elderly person pretending to be their nephew and invents an emergency situation that leads the victim to make a transfer.
In both cases the scammer uses a gimmick. Digital systems offer many other opportunities to create this type of scam.
The Internet makes it possible to send messages in large volumes without great effort; at the same time, it is often relatively easy to falsify the identifying characteristics of messages. Many spoofing attacks are possible precisely because the Internet was designed as an open system. Efforts to try to increase Internet security are always ongoing.
Since person substitution occurs through technological means, spoofing can take various forms. In its most primitive form, spoofing refers to the substitution of a person by telephone: you are the victim of telephone spoofing when for example someone on the phone introduces himself, lying, as a representative of your bank and requests information about your account or credit card. To make fake calls more credible, spoofers have also started using software that creates fake phone number identifiers, a practice known as phone number spoofing.
The more sophisticated forms of spoofing, however, take place online. In most cases, they consist in sending fraudulent e-mails to unsuspecting targets, but they can also involve devices and addresses. Regardless of the type, almost all spoofing attacks are malicious.
Typically, attackers want to access the victim’s personal information, spread malware, access private networks, create botnets for the purpose of carrying out cyber-attacks, or cause the victim to lose money.
Spoofing is not illegal by itself, as sometimes you may have to forge your phone number, IP address or even your name to protect your identity and be able to access certain services, which otherwise would not be available in your geographical area.
However, using spoofing to swindle and deceive someone or engage in criminal activities is illegal. Depending on the severity of their attack, spoofers may receive fines and/or penalties; they may also have to compensate the victim for any losses suffered as a result of the attack.
How does Spoofing work?
Hackers, for example, can use this technique to send you emails that appear to be from someone you trust, in order to prompt you to provide sensitive data. Or they may try to exploit IP and DNS spoofing to trick your network into redirecting you to fraudulent sites that will infect your computer.
In brief, spoofing takes different forms in different situations, such as IP address spoofing (sending messages to a computer using an IP address that makes it appear that the message was sent from a trusted source), mail spoofing (changing the header of an email to make it appear to come from someone or something other than the actual source) and DNS spoofing (changing the DNS server in order to redirect a specific domain name to a different IP address).
Types of Spoofing Attacks
Cyber-criminals use various methods and techniques to carry out spoofing attacks and steal sensitive information from their victims. Some of the more common types of spoofing include:
In a web spoofing attack, the hacker creates a convincing but fake copy of an entire website, a clone. The fake website has all the appearance of the actual website, that is, it contains the same pages and links as the real website, but it is completely under the control of the hacker. So all network traffic between the victim’s browser and the website goes through the hacker.
This can be done by misleading users in order to steal passwords, personal or payment data. This type of technique is not a real attack that is launched against a website but focuses more on the reputation of the site itself and on the actions of the users.
In more detail, in a web-spoofing attack the hacker can observe or modify all data going from the victim to the website server. In addition, the hacker can monitor all traffic returning from the web server to his victim. Subsequently, the hacker can employ various types of attack.
The two most common methods a hacker can use to enter networks are sniffing and spoofing. Sniffing is a surveillance activity as the hacker passively observes network traffic.
Spoofing is a manipulation activity as the hacker convinces a host that he is another trusted computer and therefore prepares to receive various information.
In a Web-spoofing attack, the hacker records the content of the Web pages visited by the victim. When the victim fills out a form on an HTML page, the victim’s browser transmits the data to the Web server.
But since the hacker has intervened between the client and the server, he will be able to record all the data entered by the client. In addition, the hacker can record the contents and responses that the server sends to the client. Since most Internet commerce services use web forms, the hacker will be able to observe bank account numbers, passwords and other confidential information that the victim enters in those forms.
Email spoofing is the most common form of online spoofing. Email spoofing attacks, which are among the most prevalent, often involve things like requesting personal data or financial transactions. The emails appear to come from trusted senders, such as customers, colleagues or managers, but they actually come from hackers who deliberately pretend to be someone else to gain the recipient’s trust and get his or her help with what they want to do. The request could be for a money transfer or authorization to access a system.
Additionally, spoofing emails sometimes contain attachments that, when opened, install malware, such as Trojans or viruses. In many cases, malware is designed not only to infect the computer but also to spread across the network.
This aspect of spoofing relies heavily on social engineering – the ability to persuade a user that what they are seeing is legitimate, so that they voluntarily disclose information or take an action such as opening an attachment, transferring money, and more.
Often, spoofers create fake home banking sites or digital wallets and insert links to them in their e-mails: when an unsuspecting victim clicks on the link, they are redirected to the fake website, where they log in with their data; obviously, such data will be sent to the spoofer who created the false e-mail.
While email spoofing is aimed at the user, IP spoofing is aimed at the network. In IP spoofing, a hacker attempts to gain unauthorized access to a system by sending messages with a false IP address to make it appear that the message is from a trusted source, such as the internal computer network itself.
Cyber criminals achieve this by taking the IP address of a legitimate host and altering the headers of packets sent by their system to make it appear that they are from the original and trusted computer.
A spoofer applying browser hijacking can essentially divert visitors from a legitimate website to another similar looking but fraudulent website that will steal visitors’ personal and payment data. This technique is known as website spoofing.
DNS server spoofing
Through the DNS spoofing mechanism, the attackers tamper with the Domain Name System (DNS), or the unique address that is assigned to each website and that we users see as “www. …”, of some specific websites and redirect data traffic to other malicious websites.
This technique is also referred to by experts as DNS cache poisoning and in fact prevents users from surfing freely online, since all traffic is automatically redirected by the hacker to unwanted websites. The unquestionable goal is to drag the user onto websites that can infect him and allow the hacker to conduct a more structured cyber attack.
Spoofing of the caller ID
The most widespread spoofing technique uses one of the most widespread technologies both among individuals and professionals: the telephone.
Cell phone spoofing, sometimes referred to as caller identification fraud, is the practice of altering a caller’s number identification so that a different number appears on the recipient’s caller ID.
The first company to offer the service commercially was Star38 in August 2004, according to a USA Today article published just days after the company opened its Internet portals for businesses. Numerous pieces of legislation have since been proposed that would make spoofing illegal, but legal protection remains limited.
It is also known as a phone scam and indicates when an attacker makes calls or texts their victims by pretending to be someone they are not. This hacker attack method still maintains the objective we were talking about above: to push the victim to reveal sensitive information or even to take an action, such as paying sums of money.
To be able to deceive the poor unsuspecting victim, the bad guys usually hide behind false identities, taking advantage of the notoriety and authority of some famous companies. A classic example of telephone spoofing is SMS from fake accounts of Post Office, banks or even from telephone companies.
The fraudulent technique consists in modifying the caller’s number to pretend to be a banking institution or a charity, or to offer false prizes and contests, for the sole purpose of inducing interlocutors to transfer money, communicate personal data or compromise the phone device itself.
Or, a classic example of a telephone scam can be considered a phone call from a fake technical support of a company or from a body for the collection of certain taxes. In short, telephone scams can use anyone’s identity and are also defined as vishing or smishing.
Here’s how to defend yourself: there are two ways to protect yourself from cell phone spoofing, restricting incoming calls and verifying the identity of a caller once you’re on the phone.
Text message spoofing occurs when a hacker sends a text message with someone else’s phone number or using an encrypted service.
For example, if you have an iPhone and sync iMessages with your MacBook or iPad, you are spoofing your phone number to send a text message, because the message didn’t come from your phone, but from a different device.
New day, new cyber-attack coming.
Spoofing attacks can also affect GPS signals, albeit to a much smaller extent. Some attackers resort to this technique to hit the GPS signal of a device, or even a vehicle, confusing it. The hacker causes the affected device to lose its GPS coordinates.
Each device connected to the Internet has a MAC (Media Access Control) address linked to the unique IP address of the device via ARP (Address Resolution Protocol).
Cyber-criminals can hack into their target’s local network and send fake ARP data; as a result, the hackers’ MAC address will be linked to the target’s IP address, so the hacker can obtain detailed information on the target’s incoming traffic.
Hackers use ARP spoofing to intercept sensitive data before it reaches the target computer. Some hackers can also modify parts of the data so that the recipient cannot see it, while others will block the data in transit so it cannot reach the recipient. ARP spoofing attacks can only be performed on local networks with ARP; moreover, the hacker must first obtain access to the local network.
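A defensive check for the ARP behaviour described above, as an added example that is not part of the original article: it compares two snapshots of a Linux neighbour table (the format printed by `ip neigh show`) and reports IP addresses whose MAC changed, and MACs that answer for several IPs. The addresses and snapshots are constructed sample data.

```python
import re
from collections import defaultdict

# One line of `ip neigh show` output: "<ip> dev <iface> lladdr <mac> <state>"
NEIGH_RE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+) dev \S+ lladdr (?P<mac>[0-9a-f:]{17})\b",
    re.IGNORECASE,
)


def parse_neigh(text):
    """Return {ip: mac}; entries without a MAC (FAILED/INCOMPLETE) are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table


def shared_macs(table):
    """MACs that answer for more than one IP address.

    This is what a poisoned cache looks like, but proxy ARP and some routers
    produce it legitimately, so treat it as a lead to verify, not as proof.
    """
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def changed_bindings(before, after):
    """IPs present in both snapshots whose MAC differs: {ip: (old, new)}."""
    return {
        ip: (before[ip], after[ip])
        for ip in before.keys() & after.keys()
        if before[ip] != after[ip]
    }


# Constructed snapshots: in LATER the gateway 192.168.1.1 suddenly resolves
# to the MAC that belongs to host 192.168.1.66.
BASELINE = """
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:33:44:20 STALE
192.168.1.66 dev eth0 lladdr 02:00:00:00:00:66 STALE
192.168.1.30 dev eth0  FAILED
"""
LATER = """
192.168.1.1 dev eth0 lladdr 02:00:00:00:00:66 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:33:44:20 STALE
192.168.1.66 dev eth0 lladdr 02:00:00:00:00:66 REACHABLE
"""

if __name__ == "__main__":
    before, after = parse_neigh(BASELINE), parse_neigh(LATER)
    for ip, (old, new) in changed_bindings(before, after).items():
        print(f"binding changed: {ip} {old} -> {new}")
    for mac, ips in shared_macs(after).items():
        print(f"one MAC, several IPs: {mac} -> {', '.join(ips)}")
```

A changed binding for the default gateway is the entry worth investigating first, since that is the address through which all outbound traffic passes.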
Man in the Middle Attack (MitM)
Have any of you ever heard of MitM attack or Man-in-the-Middle attack?
Well, know that even this technique can be considered a spoofing attack, since the hacker intervenes in a communication process between two nodes or between two users, where the traffic is intercepted. Again, the attacker gets hold of sensitive information and data such as login credentials to websites or credit card numbers.
How to know if you are the victim of a spoofing attack
If you suspect you’ve been spoofed, look out for some signs of the most common types of spoofing:
Indications of email spoofing
Pay attention to the sender’s address: if you think that an email you received may come from a fraudulent address, check it carefully. Often, scammers create addresses similar to those of the victim’s contacts to deceive them. If the email has suspicious content but the address seems correct, contact the sender to ask for confirmation.
Be very careful with attachments – this is the riskiest part of any email, especially if it comes from an unknown sender. However, sometimes an infected attachment that appears suspicious can come from a known contact. If you have any doubts, for safety it is better not to open the attachments and ask the sender for information.
Badly written messages: When a message contains grammatical or spelling errors, it is possible that it is a phishing attempt.
Do some research: search online for information about the sender and contact them directly to verify that the email received is authentic. Also, if you have any doubts, you can copy the body of the email and paste it into the Google search box, inserting it in quotation marks. This way, the engine will look for exactly the text you entered. If you get any results, it means you’ve received a prepackaged message and it’s a scam.
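The sender-address check described above can be automated. The following is an added example, not part of the original article: it parses a message's headers and flags a From domain that imitates a known one, a display name that shows a different address than the real sender, and a Reply-To that points elsewhere. The known-domain list and the sample messages are constructed assumptions.

```python
import email
from email.utils import parseaddr

# Assumption: domains the recipient really corresponds with (constructed).
KNOWN_DOMAINS = ("example-bank.com", "example.org")

# Digit-for-letter swaps often used to build lookalike domains.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def lookalike_of(domain):
    """Return the known domain that `domain` imitates, or None."""
    if not domain or domain in KNOWN_DOMAINS:
        return None
    folded = domain.translate(CONFUSABLES).replace("rn", "m")
    for known in KNOWN_DOMAINS:
        if folded == known or edit_distance(domain, known) <= 2:
            return known
    return None


def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    findings = []
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    imitated = lookalike_of(from_domain)
    if imitated:
        findings.append(f"lookalike-domain:{from_domain}~{imitated}")
    # A display name that itself looks like an address from another domain.
    if "@" in display_name and domain_of(display_name) != from_domain:
        findings.append("display-name-address-mismatch")
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to-mismatch:{reply_domain}")
    return findings


# Constructed sample messages.
SPOOFED = "\n".join([
    'From: "Example Bank Support" <support@examp1e-bank.com>',
    "Reply-To: collect@mailbox.invalid",
    "Subject: Verify your account",
    "",
    "Please confirm your login details.",
])
LEGIT = "\n".join([
    "From: Alice <alice@example.org>",
    "Subject: Meeting notes",
    "",
    "See attached.",
])

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, check_message(raw))
```

These checks only look at what the headers claim; an empty result means no mismatch was found, not that the sender is verified.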
Indications of website spoofing
Check the address bar – the first thing to do is to check the browser address bar, because hackers do not purchase SSL certificates for the domains of their phishing sites. Check whether the page protocol is HTTPS or only HTTP, without the final S: the S of the HTTPS protocol stands for secure and means that the site is encrypted and protected from cyber-criminals.
But be careful: websites that do not use this protocol are not necessarily fraudulent. Sites that do not require a login and do not record personal data do not need security certificates, so in these cases we can rest assured.
Try using a password manager – software that automatically fills in login forms won’t work on spoofed sites. If your password manager doesn’t fill in the form automatically, you should be suspicious.
You do not see the padlock icon: another graphic clue to the security of a website is the small padlock icon or a light green bar to the left of the URL.
Indications of caller ID spoofing
You receive calls from unknown numbers – these are almost certainly spam, or the phone number is spoofed. Never answer these calls, especially if the call comes from abroad (find out how to block spam on your mobile).
You get answers to questions you haven’t asked – such inconsistencies are always symptoms of cyber threats. For example, you may receive an SMS or an email whose subject begins with “RE:” (reply) and refers to a conversation you may have had.
How to defend yourself against spoofing
There are many things you can do about it. Follow our anti-spoofing tips:
- Activate the spam filter: this way, most of the spoofed emails will be blocked before reaching your inbox.
- Examine the communication: As we saw above, messages used in spoofing attacks often contain grammatical errors, format errors, or simply implausible statements (you won an iPhone in a contest you didn’t even participate in). In addition, double-check the website URL or the sender’s email address.
- Verify the information: if an email or a call seems suspicious to you, contact the sender to verify the veracity of the information contained in the message.
- Hover the mouse over names and icons before clicking: if a URL or an email attachment does not convince you, hover over it to view the exact destination or full name of the file.
- Set up two-factor authentication: it is the safest method ever to protect your digital accounts. And if you want maximum security, you can use 2-factor authentication along with other strategies. For example, for highly sensitive content you could purchase a security token, thereby adding a hardware layer to your cyber protection system.
- Invest in professional cybersecurity software: if two-factor authentication is the safest method at the application level, at the device level it is essential to install an effective cybersecurity program. In this context, when we say effective we mean powerful software, complete with all the most useful features, which is updated frequently and which does not slow down the device on which it is installed.
In addition to these recommendations, it is also good to remember what you must NOT do:
- Do not click on suspicious links, attachments, or buttons – in most cases, when any of these elements seems fraudulent, it probably is.
- Do not reply to emails or calls from unknown senders: when in doubt it is better not to trust, unless you are waiting for a call or a message from a certain person who is not yet included in your contacts.
- Do not disclose personal data: avoid sharing confidential information such as your identity card number or your date of birth, unless the person requesting it is 100% trustworthy.
- Don’t always use the same passwords: Create hard-to-guess passwords and change them right away if you think an account has been hacked. But above all, do not use the same password for multiple accounts, in order to limit the damage caused by a possible violation of an account.
How is spoofing recognized?
Email spoofing is the easiest to recognize, as it directly attacks users. Any unusual email requesting sensitive information could hide a spoofing attempt, especially if it requires a username and password. Remember, legitimate sites never ask for this data. You can also verify the email address to make sure it comes from a legitimate account. However, you may never know that you are a victim of IP or DNS spoofing, although keeping an eye out for small changes or unusual behavior should give you some suspicion. If you have any doubts, it is best to act in advance, to avoid serious problems.
Can Spoof Attacks Be Removed?
Since spoofing is a type of impersonation, there is nothing to remove. To protect yourself, just use common sense and discretion when surfing the net or replying to emails, even when you think they are trustworthy.
How to protect yourself from spoofing/prevent spoofing
Now that you know the types of spoofing attacks that you should be aware of, it is important that you also understand how to protect yourself from them.
- Do not reply to emails requesting your account details or login information.
- Keep an eye on all your trusted websites for unusual aspects or behaviors.
- Keep an eye out for misspellings and bad grammar in emails.
- Pay close attention to the email addresses of messages you receive.
- Never click on an unfamiliar link or download an un-trusted file.
- Filter your mail to stop most phishing emails.
- When logging into your accounts, use two-factor authentication.
- Maintain an up-to-date network and software.
- Make sure you have a solid firewall in place.
- Only go to websites with an SSL certificate.
- Do not provide any personal information online.
Don’t be fooled by temptations
When you are aware of this type of attack, alarm bells will tell you that you are about to fall victim, and you can spot a hacker trying to trick you, or at least you can find out before any personal data is stolen.
Examples of Famous spoofing attacks
Among some of the best known examples of spoofing attacks:
In 2006, unknown hackers carried out a major DNS spoofing attack (the first of its kind) against three local banks in Florida. They hacked the servers of the internet provider that hosted all three websites and redirected traffic to fake login pages that collected sensitive data from unsuspecting victims. In this way they were able to collect credit card numbers and PINs (the number was not detected) as well as other personal information belonging to their owners.
In 2015, unidentified hackers used DNS spoofing techniques to redirect traffic from Malaysia Airlines’ official website. The new homepage showed an image of an airplane with the text “404 – Plane Not Found”. Although no data was stolen or compromised, the attack blocked access to the website and flight status checks for a few hours.
In June 2018, hackers launched a two-day spoofing DDoS attack against the US health insurance website Humana. During the incident (which allegedly affected at least 500 people), the hackers managed to steal the complete medical records of Humana’s customers, including data relating to health, services received and related expenses.
There is nothing you can do to prevent criminals from posing as known contacts or IP addresses for the purpose of gaining access to your network and personal information; however, you can take precautionary measures to avoid becoming a spoofer’s victim.
Generally, the combination of safe browsing habits and the use of the best antivirus software is the only foolproof way to prevent hackers from taking control of your data and your computer.
You should share your sensitive information – including passwords, credit card information, and social security number – only via secure forms on encrypted websites that use HTTPS. If someone sends you an e-mail asking for this information, simply do not reply.
Check the sender address of any suspicious-looking e-mail you receive before clicking on links or downloading attachments. If a website you visit often behaves in an unusual way, don’t click on any links or fill out forms.
How to prevent a spoofing attack?
Often, hackers use various spoofing techniques to install malware on your computer, so use the best Mac antivirus software to protect your files. A good antivirus program will provide real-time protection from viruses, worms, Trojans, and all other types of malicious software. To ensure optimal security, some of these programs will warn you whenever you try to access a suspicious website. You can check this article for the best antivirus software programs.