A growing rank of Internet crooks are now using new tricks called “phishing” and “spoofing” to steal your identity. Bogus e-mails that attempt to trick customers into giving out personal information are the hottest new scam on the Internet.
“Spoofing” or “phishing” frauds attempt to make internet users believe that they are receiving e-mail from a specific, trusted source, or that they are securely connected to a trusted web site, when that is not the case at all. Spoofing is generally used to convince individuals to divulge personal or financial information, which enables the perpetrators to commit credit card/bank fraud or other forms of identity theft.
Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server.
Spoofing can be used to gain access to a target’s personal information, spread malware through infected links or attachments, bypass network access controls, or redistribute traffic to conduct a denial-of-service attack. Spoofing is often the way a bad actor gains access in order to execute a larger cyber attack such as an advanced persistent threat or a man-in-the-middle attack.
Successful attacks on organizations can lead to infected computer systems and networks, data breaches, and/or loss of revenue—all liable to affect the organization’s public reputation. In addition, spoofing that leads to the rerouting of internet traffic can overwhelm networks or lead customers/clients to malicious sites aimed at stealing information or distributing malware.
In “email spoofing” the header of an e-mail appears to originate from someone or somewhere other than the actual source. Spam distributors often use email spoofing in an attempt to get their recipients to open the message and possibly even respond to their solicitations.
“IP spoofing” is a technique used to gain unauthorized access to computers. In this instance the unscrupulous intruder sends a message to a computer with an IP address indicating that the message is coming from a trusted source.
“Link alteration” involves altering the return internet address of a web page that’s emailed to a consumer in order to redirect the recipient to a hacker’s site rather than the legitimate site. This is accomplished by adding the hacker’s IP address before the actual address in an e-mail which has a request going back to the original site. If an individual unsuspectingly receives a spoofed e-mail and proceeds to “click here to update” account information, for example, and is redirected to a site that looks exactly like a commercial site such as eBay or PayPal, there is a good chance that the individual will follow through in submitting personal and/or credit information. And that’s exactly what the hacker is counting on.
Types of spoofing
Email spoofing occurs when an attacker uses an email message to trick a recipient into thinking it came from a known and/or trusted source. These emails may include links to malicious websites or attachments infected with malware, or they may use social engineering to convince the recipient to freely disclose sensitive information.
Sender information is easy to spoof and can be done in one of two ways:
- Mimicking a trusted email address or domain by using alternate letters or numbers to appear only slightly different than the original
- Disguising the ‘From’ field to be the exact email address of a known and/or trusted source
Caller ID Spoofing
With caller ID spoofing, attackers can make it appear as if their phone calls are coming from a specific number—either one that is known and/or trusted to the recipient, or one that indicates a specific geographic location. Attackers can then use social engineering—often posing as someone from a bank or customer support—to convince their targets to, over the phone, provide sensitive information such as passwords, account information, social security numbers, and more.
Website spoofing refers to when a website is designed to mimic an existing site known and/or trusted by the user. Attackers use these sites to gain login and other personal information from users.
Attackers may use IP (Internet Protocol) spoofing to disguise a computer IP address, thereby hiding the identity of the sender or impersonating another computer system. One purpose of IP address spoofing is to gain access to networks that authenticate users based on IP addresses.
More often, however, attackers will spoof a target’s IP address in a denial-of-service attack to overwhelm the victim with traffic. The attacker will send packets to multiple network recipients, and when packet recipients transmit a response, they will be routed to the target’s spoofed IP address.
Address Resolution Protocol (ARP) is a protocol that resolves IP addresses to Media Access Control (MAC) addresses for transmitting data. ARP spoofing is used to link an attacker’s MAC to a legitimate network IP address so the attacker can receive data meant for the owner associated with that IP address. ARP spoofing is commonly used to steal or modify data but can also be used in denial-of-service and man-in-the-middle attacks or in session hijacking.
DNS Server Spoofing
DNS (Domain Name System) servers resolve the domain names in URLs and email addresses to corresponding IP addresses. DNS spoofing allows attackers to divert traffic to a different IP address, leading victims to sites that spread malware.
How to protect against spoofing attacks
The primary way to protect against spoofing is to be vigilant for the signs of a spoof, whether by email, web, or phone.
When examining a communication to determine its legitimacy, keep an eye out for:
- Poor spelling
- Incorrect/inconsistent grammar
- Unusual sentence structure or turns of phrase
These errors are often indicators that the communications are not from who they claim to be.
Other things to watch out for include:
- The email sender address: sometimes addresses will be spoofed by changing one or two letters in either the local-part (before the @ symbol) or domain name.
- The URL of a webpage: similar to email addresses, the spelling can be slightly changed to trick a visitor not looking closely.
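The one-or-two-letter changes described above, for both sender addresses and webpage URLs, can be checked mechanically. The following is an added example, not part of the original article; the `TRUSTED` list, the `SWAPS` table, and all sample addresses are constructed for illustration.

```python
# Added example: classify a sender address or link by how its domain relates
# to a short allow-list. TRUSTED and SWAPS are constructed sample data.
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = {"paypal.com", "ebay.com"}
# Digit-for-letter swaps often used to mimic a name (illustrative, not exhaustive)
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(value):
    """Return the lower-cased host of a URL, or the domain of a From header."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return parseaddr(value)[1].rpartition("@")[2].lower()

def classify(value):
    domain = domain_of(value)
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        # The visible address matches, but a forged 'From' field looks the same.
        return "matches-trusted"
    # Undo common visual swaps before comparing (rn -> m, vv -> w, digits -> letters)
    normalized = domain.translate(SWAPS).replace("rn", "m").replace("vv", "w")
    for good in TRUSTED:
        if min(edit_distance(domain, good), edit_distance(normalized, good)) <= 1:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample inputs
    for sample in ("PayPal Support <service@paypa1.com>", "service@paypal.com",
                   "http://ebbay.com/update", "news@example.org"):
        print(f"{classify(sample):16} {sample}")
```

A result of `matches-trusted` only means the visible text is spelled correctly; it says nothing about an exactly forged ‘From’ field.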
Don’t click on unfamiliar links or download unfamiliar/unexpected attachments. If you receive one in an email, send a reply to ask for confirmation. If an email address is spoofed exactly, the reply will go to the actual person with the email address—not the person spoofing it.
Don’t take phone calls at face value; be wary of the information the caller is requesting. Google the phone number presented on the caller ID to see if it’s associated with scams. Even if the number looks legitimate, hang up and call the number yourself, as caller ID numbers can be spoofed.
Spoofing can sometimes be easy to spot, but not always—more and more, malicious actors are carrying out sophisticated spoofing attacks that require vigilance on the part of the user. Being aware of different spoofing methods and their signs can help you avoid being a victim.
Last minute protection
- If you need to update your information online, use the same procedure you’ve used before, or open a new browser window and type in the website address of the legitimate company’s page.
- If a website’s address is unfamiliar, it’s probably not authentic. Only use the address that you’ve used before, or better yet, start at the normal homepage.
- Most companies require you to log in to a secure site. Look for the lock at the bottom of your browser and “https” in front of the website address.
- If you encounter an unsolicited e-mail that asks, either directly or through a web site, for personal financial or identity information, such as Social Security number, passwords, or other identifiers, exercise extreme caution.
- Take note of the header address on the web site. Most legitimate sites will have a relatively short internet address that usually depicts the business name followed by “.com,” or possibly “.org.” Spoof sites are more likely to have an excessively long string of characters in the header, with the legitimate business name somewhere in the string, or possibly not at all.
- If you have any doubts about an e-mail or website, contact the legitimate company directly. Make a copy of the questionable web site’s URL address, send it to the legitimate business and ask if the request is authentic.
- Always report fraudulent or suspicious e-mail to your ISP.
- Lastly, if you’ve been victimized, you should file a complaint with the FBI’s Internet Crime Complaint Center at http://www.ic3.gov.
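The address checks in the tips above (“https”, an overly long address, the business name buried somewhere in the string) and the “link alteration” pattern described earlier can be expressed as a small URL inspector. This is an added example, not part of the original article; the `BRANDS` table, the 75-character threshold, and the sample URLs are assumptions made for illustration.

```python
# Added example: list the warning signs a link shows before anyone clicks it.
# BRANDS and max_len are constructed sample values, not taken from the article.
from ipaddress import ip_address
from urllib.parse import urlsplit

BRANDS = {"paypal": "paypal.com", "ebay": "ebay.com"}

def url_warnings(url, max_len=75):
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    # Text before an '@' in the address is login info, not the site being visited
    if parts.username is not None:
        warnings.append("userinfo-before-host")
    # A bare IP address where the business name should be
    try:
        ip_address(host)
        warnings.append("ip-literal-host")
    except ValueError:
        pass
    if parts.scheme != "https":
        warnings.append("not-https")
    if len(url) > max_len:
        warnings.append("very-long-url")
    # Business name appears somewhere in the string, but the host is not theirs
    for brand, real in BRANDS.items():
        on_real = host == real or host.endswith("." + real)
        if brand in url.lower() and not on_real:
            warnings.append(f"brand-name-off-domain:{brand}")
    return warnings

if __name__ == "__main__":
    # Constructed sample links (documentation IP range and example domains)
    for link in ("https://www.paypal.com/signin",
                 "http://203.0.113.7/www.ebay.com/update",
                 "https://www.ebay.com@login.example.net/"):
        print(link, "->", url_warnings(link) or "no warnings")
```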