You probably know someone who’s been the victim of an attempted scam, where some fraudster tries to obtain sensitive information using a false identity or something similar.
Cybercriminals also use this centuries-old “tradition” of deception, where they pretend to be someone we know or a reputable company to gain access to confidential data or to use computer resources for their criminal activities.
There’s a term for this: Spoofing. Read on to find out what types of spoofing there are, what tricks scammers use, and how to protect yourself from fraud on the internet.
What is spoofing?
In the world of internet technology (or IT infrastructures), spoofing means the intrusion into computers or networks by faking a trustworthy, real identity. Cybercriminals are very skillful when sending what are known as spoof emails, falsifying IP addresses, names, and addresses.
Spoofers (i.e. scammers) impersonate someone else to trick us into revealing personal information or doing something for them. They often take the time to earn our trust to ensure we are willing to share sensitive information.
With their spoofing attacks, cybercriminals often aim to attack private or public networks and use them to spread malware or other malicious software. Or they install botnets on your networks, i.e. automated, interconnected malware that you have not authorized and that acts on your systems, causing extensive damage across networks.
The difference between spoofing and phishing
Spoofing is one of the many variants of social engineering and is very similar to phishing as a technique used by cybercriminals. That’s because in both cases, scammers are trying to get hold of sensitive data on a huge scale.
In the case of phishing, however, their primary aim is to steal our personal information and cause us economic or financial harm — which, of course, becomes easy for them once they have our PINs or account numbers.
Spoofing, on the other hand, is not necessarily about stealing this personal information but about spreading malicious files or messages on our behalf or on behalf of a company.
Is spoofing illegal?
Cyberscammers use spoofing techniques to fool us and engage in criminal activities — which is of course illegal and can result in fines or even imprisonment depending on the severity of the attack.
However, spoofing per se is not inherently illegal. That’s because there may be a legitimate reason for you to “fake” your telephone number, IP address, or name, for example, to protect your identity and access certain services.
VPN technology (VPN = virtual private network) is, for example, based on (IP) spoofing — and is always a really good option if you want to surf the internet using public networks, browse anonymously, or encrypt your data traffic. As a Mac user for example, you can go for the VPN for Mac.
Avira Phantom VPN helps you conceal your online activities and surf in privacy.
Want to learn more about how to protect your identity on the internet? Take a look at our blogpost on private browsing.
Spoofing — the many different types
There are now a huge number of spoofing techniques out there — and you’ve probably experienced a few of them yourself. Read on to learn more about the different types of spoofing, such as IP, email, DNS (domain name system), ARP (address resolution protocol), DDoS (denial of service), and caller ID spoofing.
The most widespread form: Call ID or caller ID spoofing
If you receive a phone call or SMS from a phone number that appears to be trustworthy, such as from a specific geographical region, this might be a case of caller ID spoofing.
Here, instead of the original phone number of their telephone connection, scammers usually use freely selectable identification information to disguise their true identity. From a technical standpoint, they use the unregulated internet telephony or voice-over-IP method for this — although telecommunications law prohibits this in many countries.
Common type of spoofing: Email spoofing
Email spoofing is a very common technique used by cybercriminals. They manipulate the email header so that the client software shows you a bogus sender address of a person or institution. And in most cases, you don’t suspect a thing because you know the supposed sender. This means that in the worst case, you click malicious links, open malware attachments, send sensitive data, or even transfer company funds.
It’s only possible for cybercriminals to use email spoofing because of the way email systems are designed, where the client application, i.e. the entity that communicates with a server (central computer), assigns a sender address to outgoing messages. The outgoing email servers have no way of knowing if the sender’s address is legitimate or fake — giving scammers a good chance of reaching their victims through email spoofing.
IP spoofing: What is it?
While scammers target individual users in the case of email spoofing, IP spoofing is primarily targeted at networks.
With IP spoofing, cybercriminals create internet protocol packets — or IP packets for short — with a spoofed source address to either disguise their identity, impersonate another computer system, or both.
Here’s some background info for you to explain what’s going on: Data is transferred on the internet in the form of IP packets. In addition to the actual packet content (body), these IP packets contain a header with the relevant routing information, including the sender or source address. If these packets have been tampered with, it’s highly likely that the source address in the header is bogus.
DNS spoofing — explained in simple terms
DNS spoofing refers to a method of spoofing where cybercriminals manipulate the DNS name resolution process. To achieve this, they falsify the domain’s IP address.
Here’s what happens: When you enter the name of a website in your browser, the name resolution process, i.e. the “translation” into an IP address, runs in the background. And, you guessed it: The IP address belonging to a domain (website) can be falsified and, in the case of DNS spoofing, lead you to being redirected to the cybercriminals’ servers.
And precisely because this name resolution process runs in the background, you don’t even notice the manipulation because the deceitful thing about DNS spoofing is that your browser displays the correct domain.
DDoS spoofing: Companies in the cross hairs
The term DDoS (distributed denial of service) spoofing pretty much sums up what this type of spoofing attack is all about. This is because with DDoS spoofing, when you visit an internet address, you are spoofed into thinking that the corresponding page or service is not available.
In the event of a DDoS spoofing attack, cybercriminals willfully overload IT infrastructures to extort ransoms from companies or organizations, for example, or to carry out, cover up, or prepare for other criminal activities.
ARP spoofing
With ARP (address resolution protocol) spoofing, cybercriminals manipulate the address resolution protocol with the aim of connecting their own fraudulent MAC (media access control) address to a legitimate IP address. This way, they can steal or modify data that was actually intended for the owner of the IP address in question.
Put simply: Every time you call up a website, the associated IP address is converted into a physical MAC address or resolved before the requested data is transmitted via a LAN (local area network).
Examples of known spoofing attacks
It isn’t possible to say exactly when spoofing attacks became a serious threat, but we have to assume that as digitization progresses, the cybercriminals’ manipulative techniques will continue to improve. This ups the pressure considerably on those in charge of IT in companies because cybercriminals’ spoofing manipulations are not always immediately apparent.
One notable recent example of a spoofing attack concerned a group of Russian GRU agents who attempted to hack into the office of the Organization for the Prohibition of Chemical Weapons (OPCW) in The Hague using a Wi-Fi spoofing device. However, cases of DNS spoofing attacks are more well-known. Read on for two further examples.
DNS spoofing attack on three banks (2006)
Probably the first known example of a DNS spoofing attack happened in March 2006. It affected the customers of three banks in Florida at the same time.
In this case, the cybercriminals managed to hack the servers of the ISP that hosted the three banks’ websites. They then redirected traffic from the legitimate websites to a bogus server, designed to resemble the banking sites. Users were then asked to enter credit card numbers, PINs, and other types of sensitive information.
While this attack was very similar to the phishing attacks that are commonly used against bank customers, in this case the hackers had actually made changes to the banks’ legitimate websites, making the scam much harder for ordinary users to detect. Phishing attacks generally require users to click a bogus web link, but this attack worked on users who had typed in the correct URL for the banks in question.
Fewer than 20 banking customers were probably affected by this DNS spoofing attack, but this example shows very well how effective DNS spoofing can be. And it also shows why it became critical for banks, government agencies, and research institutions to use their own servers.
DNS spoofing during the Covid-19 pandemic
In early 2020, a DNS spoofing attack wave occurred during the Covid-19 pandemic where victims received a warning purportedly from the World Health Organization. It said that you should install an information app as soon as possible — but the app turned out to be Trojan malware that collected vast amounts of highly sensitive data from the victims:
- The hackers got their hands on browser histories and cookies, payment data, saved information from forms, and log in details via the victims’ browsers — even two-factor authentication became unsecure after installing the app.
- Not even text files on the victims’ computers were immune to being harvested, with cryptocurrency wallets also part of the hacked information.
How to protect yourself from spoofing
There are quite a number of ways to protect yourself from spoofing, and don’t underestimate the cumulative effects of taking several of the possible protective steps at once.
First of all, keep in mind that spoofing is “just” one of the many methods of social engineering, where cybercriminals like to target human vulnerability. Accordingly, you should be on the alert if, for example, you are offered or want to visit web pages that only display “http” in your browser’s address bar instead of the now obligatory “https”. In this case, you can assume that this website doesn’t have necessary certificates so there’ll be significant security holes.
Your operating system’s firewall only offers basic protection against spoofing
Every operating system comes with a firewall by default. However, these only offer basic protection against spoofing attacks, which is why our first recommendation is: Install an additional firewall.
With Avira Free Security installed on your devices, you can configure each operating system’s built-in firewall to strengthen your protection against spoofing attacks — and at the same time access many other really helpful tools that can optimize your devices’ security and performance.
Protect yourself against email spoofing attacks
You should treat emails that go straight to spam without you having to lift a finger with extreme caution: One glance at the sender address is often enough to see that your email program was right to send this message straight to spam. And, you guessed it: The links and file attachments contained in spam emails are almost always “offers” from cybercriminals.
If you receive emails from your bank, you should always be extremely careful and not click on the links contained in the messages. It’s better to log in to the website, because your bank will also provide you with relevant messages in your dedicated personal area.
Antivirus programs offer protection against spoofing attacks
We can’t stress it often enough: Antivirus programs and apps are a must for every digital device, whether for your PC, laptop, Mac, or iOS or Android-based smartphones and tablets.
And you should configure these antivirus programs to run regular checks (scans) on all your devices. In many cases, we don’t even notice straight away that a virus is spreading through our devices — giving spoofing attacks an easy ride.
With Avira Free Antivirus, you can help your devices protect themselves from virus attacks while at the same time enjoying better protection from spoofing attacks.
Take steps to boost your protection when surfing
Protect your personal devices from manipulation attempts when surfing the internet with sophisticated internet security software such as Avira Internet Security. With this solution you can improve your protection against a wide range of threats, including phishing attacks, ransomware, Trojans, and viruses.
