What is spoofing?
Spoofing is a cybercrime that happens when someone impersonates a trusted contact or brand, pretending to be someone you trust in order to access sensitive personal information. Spoofing attacks copy and exploit the identity of your contacts, the look of well-known brands, or the addresses of trusted websites.
Spoofing relies on a hacker’s ability to pass themselves off as someone or something else. Some attackers disguise their communications — such as emails or phone calls — so that they appear to be coming from a trusted person or organization. With these types of spoofing attacks, hackers try to trick you into exposing sensitive personal information.
Spoofing attacks can also happen on a more technical level, through DNS or IP address spoofing. Spoofing in network security involves fooling a computer or network by using a falsified IP address, redirecting internet traffic at the DNS (Domain Name System) level, or faking ARP (Address Resolution Protocol) data within a local access network (LAN). Keep reading to learn more about IP spoofing attacks.
How does spoofing work?
Spoofing works like this: A hacker deceives victims by pretending to be someone or something they’re not. Once the hacker gains the victim’s trust, the danger is imminent. Email, phone, and SMS spoofers trick victims into turning over personal information, which can lead to financial fraud or identity theft.
Hackers often use email spoofing to ensnare victims in phishing scams. Other types of spoofing target networks rather than individuals, with the goal of spreading malware, stealing data, bypassing security systems, or preparing for subsequent attacks.
Because spoofing is based on deception, it can be challenging to prevent and detect spoofing attacks. That’s why it’s so important to protect yourself with strong, reliable internet security. Avast One constantly scans for incoming threats and keeps you protected against the kinds of phishing, malware, and virus attacks that spoofers love.
Spoofing vs phishing — what’s the difference?
The difference between spoofing and phishing is that while spoofing uses someone else’s identity, phishing attacks try to access sensitive information. Typical phishing scams involve luring victims with bait — like spoofed emails — and tricking them into providing personal data that can be used for identity theft.
Spoofing attacks make it appear as though the hacker’s communications can be trusted, because they mimic the look and feel of trusted sources. Many phishers use spoofing to trick their victims into believing their email is legitimate. This kind of manipulative social engineering is how phishing scams convince you to disclose personal information.
As mentioned, there are several different types of spoofing. Spoofing at the DNS or IP address level is different from phishing, because it uses technical methods to trick a computer or system. For example, typosquatting is a kind of spoofing attack that uses common mistakes people make when entering URLs to fool them into thinking they’re visiting the intended website.
But, email spoofing and phishing are very similar and are frequently used together.
Clever hackers use spoofing to make their phishing emails or SMS messages more believable, and so more likely to succeed. Let’s find out how this happens.
Types of spoofing
Spoofing refers to any cybercrime in which hackers impersonate a trusted source — and there are many different ways hackers use spoofing to carry out their attacks. Different types of spoofing target different channels or victims, but all types of spoofing aim to exploit vulnerabilities and take advantage of your trust.
Here are several of the most common spoofing attack types.
What is email spoofing?
Email spoofing is when a hacker creates and sends emails from a forged email address that their intended victim will recognize, like one used by their bank. In corporate settings, hackers may impersonate high-ranking executives or business partners and request inside information from employees.
But how does email spoofing work, and how do spoofers get away with it? Email is an open and relatively unsecured system that lets people easily send and receive messages. Unfortunately, this openness also leaves email vulnerable to abuse by malicious actors like spoofers.
There are even email spoofing websites that help hackers quickly spoof emails online. In early 2019, Mumbai-based paint company Asian Paints fell victim to a massive email spoofing attack in which the hackers pretended to be one of the company’s suppliers.
The good news is that your email’s spam filter can be trained to recognize spam and other shady emails. And if that doesn’t work, spoofing can be stopped if you know what to look for.
Here are some common email spoofing warning signs that can help you detect and prevent an email spoofing attack:
-
Generic email domain: Emails from financial institutions and other companies are sent from their official domain. If you receive an email that looks real but that’s coming from an address at a free email provider — such as yourbankname [at] yahoo.com — it might be a spoof email.
-
Generic greeting: Most companies will refer to you by name. Be skeptical of emails that open with “Dear customer” or that address you by your email username.
-
Request for personal information: Companies and employers should have all of your information that they need. They shouldn’t email you to request things like user credentials or credit card information. If this happens, it could be a phishing scam using spoofing techniques.
Spoofed emails often include fake email addresses, generic greetings, requests for personal information, and an artificial sense of urgency.
-
Strange attachments: Some spoofers will use phishing attacks to try to get through spam filters by putting malicious content in an attachment. Look out for HTML or EXE attachments, because these may install malware on your device. Never click on unknown attachments or links when you receive suspicious emails.
-
Mistakes and inconsistencies: Does the sender’s name match the email address they used? Are there obvious spelling or grammatical errors? Is your name spelled correctly? Legitimate companies won’t include careless typos (hopefully!) in the emails they send to customers.
-
Forced urgency: Spoofers want you to make snap decisions before you’ve had time to think things through. Your account will be closed! You’re going to be fined! The government is going to sue you! The more fear the hacker can induce, the higher the chances of their victim falling for the scam.
-
Spelling tricks: Many spoofers even try to fool victims into visiting spoofed versions of entire websites. They’ll attempt to pass their site off as the real thing by using a few clever spelling tricks, such as replacing a lowercase L with a capital I, or by using a different domain extension.
-
Typosquatting: Also known as URL hijacking or brandjacking, typosquatting takes advantage of common typos people make while entering web addresses into their browsers. Then, if you visit the fake address, you could end up on a malicious site.
What is website spoofing?
Website spoofing is when a hacker creates a fake website that looks like a legitimate one. When you log in, the hacker gets your credentials. Then, they can use your username and password to access your account.
Malicious spoofers sometimes use a cloaked URL, which redirects you through their own system and collects your personal information. They can even disguise the true destination of the URL by inserting special control characters that contain a different meaning than the characters you see. Often, like in typosquatting, the URL is so similar to the intended address that you may not notice the difference.
Spoofed websites are commonly linked within spoofed emails and phishing campaigns, so follow the email spoofing warning signs above to stay safe.
Spoofers aim at gaining your trust, whether through an urgent email, replicated website, or pilfered IP address. Some types of spoofing are easy to spot, like spoof calls from out-of-service numbers. False websites and other attacks are harder to detect.
How to verify a website
You can confirm a website’s authenticity by looking at its digital certificate. When visiting a website, look for the padlock icon in the address bar. Click it — your browser should show you whether the certificate is valid or not.
Click the certificate to view it in detail.
Viewing website safety information for www.avast.com in Google Chrome for macOS.
Avast One for PC and Mac includes built-in features like Web Shield, which protects your computer from spoofed websites, and File Shield, which scans email attachments for malicious activity in real time. Download Avast One today to shield yourself from unsafe sites and start detecting and preventing those hard-to-spot types of spoofing.
What is an IP spoofing attack?
IP spoofing happens at a deeper level of the internet than email spoofing. When a hacker uses IP spoofing, they’re messing with one of the web’s basic protocols. Every device connects to the internet from an IP address, which is a string of numbers that tells other devices where it is. When your device sends and receives information, it uses data packets that can find your device’s IP address.
Many closed networks are configured to accept packets only from a pre-approved range of IP addresses. This security measure prevents unknown devices from getting inside. A hacker can use an IP spoofing attack to change the IP address of their device and fool an otherwise secure network into letting them in. You can hide your IP address to prevent hackers from disguising themselves as you.
IP spoofing is especially popular for DDoS attacks, where a hacker overloads a network by flooding it with incoming traffic. It’s easy to block traffic from a single IP address, but with IP spoofing, hackers can make traffic appear as though it’s coming from multiple sources. That makes it much more difficult for the target to respond.
Some botnets take the opposite approach by using IP spoofing to make it look like traffic from many devices is actually coming from one. The devices in the botnet initiate connections to a variety of servers, then use IP spoofing to direct the replies all to one device. The incoming traffic quickly overwhelms the targeted server.
Other examples of spoofing
-
ARP spoofing: Address Resolution Protocol (ARP) spoofing lets a hacker infiltrate a local network (LAN) by masking their computer as a network member. Hackers use ARP spoofing to steal information with man-in-the-middle attacks, where a hacker intercepts a conversation and impersonates both participants to collect the information being transmitted.
-
DNS spoofing: Also known as DNS cache poisoning, DNS spoofing diverts victims from one website to another. A hacker will poison a target website’s listing in a DNS server by changing its associated IP address to one of their choosing, which then redirects victims to fraudulent websites that harvest personal data or inject malware into their computers. DNS spoofing is a common technique in pharming attacks.
-
Caller ID spoofing: Because they can make their calls appear to be coming from a trusted number or specific geographic region, ID spoofing is popular with robocallers. Once a victim answers the phone, the attacker tries to convince them to divulge sensitive information. Caller ID spoofing can also be used to send spoofed or spam text messages.
-
GPS spoofing: Some people misrepresent their physical location by faking their GPS coordinates. Any mobile app that relies on smartphone location data is a potential target for GPS spoofing attacks.
-
SMS spoofing: Hackers can send spoofed SMS messages that appear to be coming from another number. SMS spoofing attacks often contain malicious links that, when clicked, will lead to spoofed websites. Others will encourage the victim to download something that turns out to be malware.
How to prevent spoofing
Above, we’ve covered what spoofing means and how it works. Now check out our tips for spoofing prevention and learn how to protect yourself against spoofing attacks:
-
Stay sharp: Remain vigilant against the most common types of spoofing. Look out for common signs of a spoofing attack, and you’ll have a much lower chance of getting fooled.
-
Call to confirm: If you’re being asked to submit personal information, like a password or credit card number, call the sender to confirm — using the contact number listed on their real, actual website. Manually enter their URL into your web browser, check the website for signs of website spoofing, and don’t click any links in the suspicious email you received.
-
Be wary of strange attachments: Don’t open attachments that you don’t expect to receive, especially if they have unusual file extensions.
-
Hide your IP address: Get in the habit of hiding your IP address when surfing the web to prevent IP spoofing.
-
Regularly change your passwords: If a spoofer manages to obtain your login credentials, they won’t be able to do much if you already have a new password. Create strong passwords that are hard to guess, and use a password manager to store them securely.
-
Check before you click: Hover over any links before you click to verify the URL. If you do click, confirm the URL after the page loads to ensure you weren’t redirected. Stick to sites that use HTTPS encryption.
-
Report spoofing attempts: If you received a spoofed email or other communication, let the supposed sender know that they’ve been spoofed. This can help prevent future spoofing attacks. Most companies will have a page on their website where you can report spoofing and other security issues.
-
Use a dedicated secure browser: Switch to a browser that prioritizes security and privacy, and one that’s less vulnerable to hijacking attempts than common browsers.
-
Use strong antivirus protection: Many of the best free antivirus programs include built-in features that detect threats in real time. Install trusted antivirus security to further spoof-proof your device.
Protect your data with proven antivirus software
Spoofing attacks can happen to anyone. Thankfully, Avast One includes multiple advanced features that work together to provide real-time spoofing protection, as well as an air-tight defense against malware and other online threats.
With our Web Shield and File Shield at your side, you’ll be protected against viruses, malware, and all the kinds of phishing emails and pharming websites that spoofers love to create. Stay safe online with the security solution trusted by millions of people worldwide.