In cyber security, a “spoofing” attack or fraud occurs when fraudsters present themselves as someone or something else to gain a person’s trust. The motivation for this is usually to gain access to systems, steal data, steal money, or spread malware.

What is a spoofing attack?

Spoofing is a cyber attack in which the attacker tries to access important information and data by pretending to be a trusted source. Spoofing can happen through websites, emails, phone calls, messages, IP addresses and servers.

Usually, the main goal of spoofing attacks is to obtain personal information, steal money, bypass network access control, or spread malware through infected attachments or links. Fraudsters use any type of online communication to try to steal people’s identities and assets using forgery.

Spoofing attacks can be applied to a wide range of communication channels and involve different levels of technical sophistication. Phishing attacks usually include an element of social engineering, where fraudsters trick their victims by playing on human vulnerabilities such as fear, greed, or a lack of technical know-how.

How does a spoofing attack work?

A spoofing attack usually relies on two elements: first the spoof itself, such as a fake email or website, and then the social engineering aspect, which prompts victims to take action. For example, scammers may send an email that appears to come from a trusted colleague or senior manager, asking you to transfer some money online.

A successful spoofing attack can have serious consequences, including stealing personal or corporate information, collecting personal documents for use in subsequent attacks, spreading malware, gaining unauthorized network access, or bypassing access controls. For businesses, spoofing attacks can sometimes lead to costly and damaging ransomware attacks or data breaches.

There are different types of spoofing attacks. Easier attacks involve emails, websites, and phone calls. More sophisticated technical attacks include IP addresses, Resolution Protocol (ARP) and Domain Name System (DNS) servers. In the following, we examine the most common examples of spoofing.

Types of spoofing attacks

Email Spoofing

Email fraud occurs when a hacker uses a fake email address to create emails that the intended victim recognizes, such as an email sent from a customer’s bank. In corporate settings, hackers may pose as senior executives or business partners and solicit internal information from employees.

Fraudulent emails often ask for money transfers or permission to access the system. Additionally, they can sometimes contain attachments that, when opened, install malware such as Trojans or viruses. In many cases, malware is designed to go beyond infecting your computer and spread to your entire network.

Email scams mostly rely on social engineering. The ability to convince a human user to believe that what they are seeing is legitimate will cause them to take the requested action and open their attachment, transfer money, etc.

How to avoid email spoofing attacks?

Unfortunately, it is impossible to stop the email spoofing attack completely because the basis of sending email, known as SMTP protocol, does not require authentication. However, regular users can take simple steps to reduce the risk of an email spoofing attack by choosing a secure email provider and practicing cyber hygiene:

• Use your disposable or secondary email accounts when registering on the sites. This will prevent your private email address from appearing on lists used to send fake email messages in bulk.
• Make sure your email password is strong and complex. A strong password makes it difficult for criminals to access your account and use it to send malicious emails from your account.
• If you can, check the email header. (This feature depends on the email service you use and only works on desktop.) Email headers contain metadata about the source and how the email was sent to you.
• Turn on your spam filter. This will prevent fake emails from entering your inbox.

IP spoofing

While email fraud focuses on the user, IP fraud primarily targets a network.

IP spoofing involves an attacker trying to gain unauthorized access to a system by sending messages with a fake or fake IP address to make it appear that the message came from an authentic source.

By obtaining the IP address of a legitimate host and changing the headers of packets sent from their own system, cybercriminals achieve this to appear to be from the original legitimate computer.

Early detection of IP spoofing attacks is especially important because these attacks often occur as part of DDoS attacks, which can take an entire network offline.

How to prevent IP spoofing? (tips for website owners)

• Monitor unusual network activity.
• Use packet filtering that has the ability to detect inconsistencies such as the mismatch of outgoing packets with the source IP address.
• Use authentication methods for all remote access (even among network computers).
• Authenticate all IP addresses.
• Use a network attack blocker.
• Make sure that at least some of the computer’s resources are behind a firewall.

Website spoofing

Website spoofing, also known as URL spoofing, occurs when fraudsters make a fake website look like a legitimate website. The fake website has a familiar login page, stolen logos and similar trademarks, and even a fake URL that looks genuine at first glance.

Hackers create these websites to steal your login details and drop malware on your computer. Often, website spoofing is combined with email scams. For example, scammers may send you an email containing a link to a fake website.

How to prevent website spoofing:

• Look at the address bar. A fake website is unlikely to be safe. To check this issue, you need to know that the URL should start with //:https instead of //:http, which actually “s” stands for “safe”. There should also be a lock icon in the address bar. This means that the site has an up-to-date security certificate. Note that if a site doesn’t have this, it doesn’t necessarily mean it’s fake, and you should look for additional signs.
• Check the correctness of all characters, logo and colors. Also check the completeness of the content. For example, fake websites sometimes don’t bother to fill the privacy policy or terms and conditions page with real content.
• Try a password manager program. Software used to autofill login information will not work on fake websites. If the software doesn’t automatically complete the login passwords and usernames, it can indicate that the website is fake.

phone spoofing

Caller ID spoofing, sometimes called phone spoofing, occurs when scammers intentionally falsify the information sent to your caller ID to hide their identity. They do this because they know you’re more likely to answer calls from local numbers than you are to answer anonymous calls.

Caller ID scams use VoIP (Voice over Internet Protocol), which allows scammers to make up their own phone numbers and caller IDs. When the recipient answers the call, scammers try to obtain sensitive information for fraudulent purposes.

How to prevent phone number spoofing?

• Check if your phone carrier has a service or program that helps identify or filter spam calls.
• You can use third-party apps to block spam calls, but be aware that you’re sharing private data with them.
• If you receive a call from an unknown number, it is often best not to answer it. Answering spam calls will send you more spam calls because scammers see you as a potential target.

Text message spoofing

Text message spoofing, sometimes called text message spoofing, occurs when a sender misleads users by sending a text message with fake information. Legitimate businesses sometimes do this too by replacing a long number with a short number wat, which is apparently more convenient for customers.

But scammers also do this to hide their true identity behind a numerical sender ID, usually posing as a legitimate company or organization. Often, these fake texts include links to SMS phishing sites (known as “smishing”) or malware downloads.

How to prevent forgery of text messages?

• Avoid clicking on links in text messages as much as possible. If you think the text message is from a company you know and wants you to take immediate action, go directly to the website by typing the URL or searching through a search engine, and don’t click on the link in the text message.
• In particular, never click on “reset password” links in text messages as they are most likely scams.
• Remember that banks, telecoms and other legitimate service providers never ask for personal information via SMS. So do not provide personal information in this way.
• Be wary of SMS alerts of prizes or discounts as they are likely to be scams.

ARP spoofing

Address Resolution Protocol (ARP) is a protocol that enables network communications to reach a specific device on the network. ARP spoofing, sometimes called ARP poisoning, occurs when an attacker sends spoofed ARP messages over a local network. This links the attacker’s MAC address with the IP address of a legitimate device or server on the network. This link means that an attacker can intercept, modify, or even intercept any data destined for that IP address.

How to prevent ARP spoofing?

• For individuals, the best defense against ARP poisoning is to use a virtual private network (VPN).
• Organizations must use encryption. For example, the HTTPS and SSH protocols are used to help reduce the likelihood of an ARP poisoning attack being successful.
• Organizations should also consider using packet filters. Filters that block malicious packets and those with suspicious IP addresses.

DNS spoofing

DNS spoofing, sometimes called DNS cache poisoning, is an attack in which altered DNS records are used to redirect online traffic to a fake website that looks like the intended destination. Fraudsters achieve this by replacing the IP addresses stored in the DNS server with addresses that hackers want to use.

How to prevent DNS spoofing?

• People: Never click on a link you’re not sure about, use a virtual private network (VPN), regularly scan your device for malware, and clear your DNS cache to remove poisoning.
• Website owners: Use DNS spoofing tools, domain name system security extensions, and end-to-end encryption.

GPS spoofing

GPS spoofing occurs when a GPS receiver broadcasts fake signals that look real. This means that fraudsters pretend to be in one place when they are actually in another. Fraudsters can use this to hack a car’s GPS and send you to the wrong place, or on a much larger scale they can potentially interfere with the GPS signals of ships or planes. Many mobile apps rely on smartphone location data, which can be a target for this type of spoofing attack.

How to prevent GPS spoofing:

• GPS anti-spoofing technology is being developed, but mainly for large systems, such as marine navigation.
• The easiest (though inconvenient) way for users to protect their smartphone or tablet is to switch it to “battery saving mode”. In this mode, only Wi-Fi and cellular networks are used to determine your location, and GPS is disabled (this mode is not available on some devices).

Facial spoofing

Facial recognition technology is increasingly used to unlock mobile devices and laptops and in other areas such as law enforcement, airport security, healthcare, education, marketing and advertising. Facial recognition errors can occur through illegal biometric data, directly or secretly from a person’s online profiles, or through hacked systems.

How to prevent forgery if:

Most anti-spoofing facial recognition methods include liveness detection. This will determine if the face is live or a fake reproduction. There are two techniques:

• Eye blink detection, which detects patterns in blink intervals and denies access to fraudsters who cannot match these patterns.
• Interactive recognition, which requires users to perform specific facial actions to verify their authenticity.

Final point

One of the best ways to stay safe on the Internet is to use strong antivirus software. Don’t forget that cyber hygiene ensures your safety online.