At some point in the last few years, you might have come across the term “spoofing attack” in relation to some cybersecurity breach. However, a lot of people don’t really know the definition of spoofing, asking the Compuquip team “what is spoofing” and “how does spoofing work?”
Because spoofing can be a major cyber threat, it’s important to know what spoofing is and how spoofing works. This way, you have a chance to prepare for, recognize, and counter spoofing attacks. With this in mind, here’s an explanation of spoofing, how it’s used in cyberattacks, and how to prepare for this threat.
What is Spoofing?
A simple definition of spoofing is that it’s when an attacker attempts to disguise their attack as something else—imitating or “spoofing” a piece of information to trick the target. Spoofing can be applied to all kinds of information and data. Examples of data that an attacker might spoof include:
- Email addresses
- Phone numbers
- Hypertext links (especially shortened URLs)
- IP addresses (on data packets to trick rudimentary firewall inspection)
- User names
- Domain Name System (DNS) identifiers
Basically, anything and everything that is used to authenticate the identity of a person or device could be spoofed by an attacker in an effort to trick their targets.
How Spoofing Works
The level of sophistication involved in a spoofing attack varies depending on what’s being spoofed and the nature of the attack.
For example, a spoofing attempt can be as simple as creating a fake email address that’s just one letter or piece of punctuation off from someone else’s email to trick the recipient into thinking it’s from someone they know. On the other hand, it can involve complicated tools and tricks to rewrite information so that a computer firewall might recognize a data packet filled with malware as a safe file download.
In the case of the email example, the spoofing activity is part of a phishing attack—a type of social attack designed to trick people into taking an action based on what they believe to be a legitimate communication.
Spoofing can be broken down into many different forms. Here are some more detailed examples of spoofing and how you can be targeted:
- Email Spoofing. The goal for attackers when spoofing an email is to curate a scenario within the contents of the email to increase its likelihood of interaction. The spoofing aims to build trust so that the recipient believes it is coming from a known source or legitimate source. Users will be more prone to click on or download malicious email/file attachments. These emails typically request the recipient to enter personal information as in forms of ID, login credentials, physical address, or a credit card number. Additionally, users who interact with spoofed emails are more likely to grant the attacker a network foothold via droppers and persistent mechanisms living in memory.
- Caller ID Spoofing. Many robodialers and phone-based scams now use tools to disguise their phone numbers on caller ID systems. Using this equipment, scammers can make their out-of-state phone number look like it comes from a local area code, or from an organization that their target knows and trusts. This form of spoofing helps scammers get around caller ID-based blocking.
- Website Spoofing. Some attackers build fake web pages or even entire fake websites that copy the look of a legitimate site. These fake sites are often full of download links for malware designed to compromise the unsuspecting victim’s computer/smartphone. Otherwise, these sites may try to trick people into surrendering sensitive information, such as credit card numbers, social security numbers, or user account information.
- IP Spoofing/IP Address Spoofing. This is when an attacker disguises their IP address to mask their identity from firewalls. This helps to hide the origin point of an attack while allowing it to slip past IP-based firewall filters.
- DNS Spoofing. Spoofing the domain name system allows attackers to redirect URLs and email addresses to different IP addresses. This can be used as part of a social attack carried out via email or other channels to redirect unsuspecting targets to a spoofed website.
These are just a few examples of different types of spoofing that may be used against an organization or a person. The question is, how can you recognize and prevent spoofing attacks?
How to Avoid Spoofing Attacks
The trouble with cyberattacks involving spoofing is that they’re inherently hard to detect. By disguising the attack with spoofing, attackers make it harder for both people and automated systems to spot and neutralize the attack methodology. However, there are a few things you can do to avoid attacks that use spoofing techniques.
Some common countermeasures to spoofing attacks include:
- Checking Hyperlinks. Exercising extreme caution when clicking on hypertext links in emails or social media posts. Checking that the URL matches the domain of the sender helps, as does using antivirus/antimalware programs to check emails before opening them in the first place.
- Checking Usernames/Emails for Typos. Carefully inspecting sender names to make sure they match and don’t contain extraneous symbols or typos.
- Applying Deep-Packet Inspection. Using deep-packet inspection firewall that checks data packet contents rather than just data packet source and destination IP addresses. This helps to easily thwart basic IP spoofing strategies.
- Using Independent Verification for Communications. When prompted to open a link to a special offer or invoice, it is safer to manually visit the site or portal in question rather than opening the email link—as that link may lead to a spoofed website.
- Establishing Firm Sender Verification Policies. Creating and adhering to strict policies for verifying sender identities when requests involve the transfer of sensitive information or monetary payments. For example, when an employee receives a request from the CEO to approve a wire transfer, the employee should email or call the CEO on the phone using known contact info (rather than replying to the email, which may simply lead back to an impostor) instead of blindly following the email’s instructions. This questioning might take a few minutes or hours to get a response, but it’s better to have a short delay than to give money to a fraudulent account. Additionally, a standing policy to NEVER send user account information over an email can be helpful for thwarting phishing attacks that use spoofing.
Ultimately, avoiding attacks that leverage spoofing requires near-constant vigilance and effort. Managing a security education, training, and awareness (SETA) program can help employees maintain that vigilance. However, such measures may not stop every spoofing attack. So, it’s also important to have an incident response plan (IRP) in place to help your organization recover from such attacks and limit their potential impact.
Need help defending your organization from spoofing attacks? Reach out to the Compuquip team for support and advice.