Spoofing
What is Spoofing?
Spoofing is the falsification of data or information to deceive or mislead, often in a cyber attack. A malicious actor will fake a communication (like a text or email) or a website to appear legitimate, with the intent of tricking their target into giving data or money, opening access to a system, or installing malware.
Spoofing is often an integral part of social engineering, where the spoof is the initial lie that lures someone in. The spoof can involve disguised email, text, caller ID, or even a fake website, with the end goal of fooling a person into letting their guard down and doing something dangerous (e.g. divulging sensitive info, installing malware, or similar). A spoof can also be used to deceive a business’s security protocols and gain access to sensitive systems or data.
While there are many kinds of spoofing, they all share a common feature—the success of a spoof relies both on the quality of the forged identity, and on the target’s trust or momentary inattention. Let’s look at some of the more common types of spoofing that target individual people.
Email spoofing
A spam email where the spoof is in the sender’s “name.” Often, the name will look legitimate or familiar, and the email itself will contain other recognizable elements, like a company logo. The spoofer may even use the recipient’s email as the sender, for example to convince the recipient their email or computer was “hacked.”
The body of an email spoof will try to persuade the recipient to take some action, such as to reply with certain info or documents. There may be a link taking you to a (fake) website to claim a prize, or to log in to a carefully faked version of a website where you would normally log in to your account. Neither the email address nor the website is actually what it pretends to be, and if you do as requested you’ll be providing the spoofer with info they shouldn’t have.
How to defend against email spoofing
- When reading the email, look at the actual address the email came from, not just the name of the sender. Often, the name will seem normal, but the email address will be slightly off.
- Don’t reply to a questionable email. If you want to follow up with what appears to be the sender, start a fresh email using a stored email address from your address book.
- Be critical of the contents—look closely at logos, grammar, and spelling.
- Do an Internet search on a term or phrase from the email. There’s a good chance someone else has already received this spoof and posted a warning about it.
- To avoid receiving these emails in the first place, use the built-in spam filters in your email tool.
- To reduce exposure of your email address, and thus the opportunity for spoofers to find it and use it, use a disposable email for unimportant Web interactions. Keep your “real” email only for necessary business and personal communication.
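The first check in the list above, comparing the sender's name with the actual address, can be automated. This is an added example, not part of the original page; the `KNOWN_SENDERS` table, the function name and the sample headers in the test are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Constructed table (assumption): names you recognise and the domains
# they really send from. Matching is exact, so list subdomains explicitly.
KNOWN_SENDERS = {"example bank": {"example.com"}}

# An email address appearing inside the free-text display name.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+\.)+[\w-]+")


def check_from(from_header, recipient):
    """Return the reasons a From header looks spoofed (empty list if none)."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    reasons = []

    # The display name is chosen by the sender. An address written there
    # that differs from the real one hides where the mail came from.
    shown = ADDR_IN_NAME.search(name)
    if shown and shown.group(0).lower() != addr:
        reasons.append("display name shows a different address")

    # A familiar name paired with a domain that name never uses.
    for brand, domains in KNOWN_SENDERS.items():
        if brand in name.lower() and domain not in domains:
            reasons.append(f"name claims '{brand}' but domain is {domain}")

    # The recipient's own address used as the sender ("you were hacked").
    if addr == recipient.lower():
        reasons.append("sender address equals recipient address")
    return reasons
```
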
Website spoofing
A phishing scam that creates a fake website (including the URL and content) that looks very similar to the real thing. The goals of a spoofed website are to steal login information, or download malware onto your computer. A spoofed website is often linked to in a spoofed email.
How to defend against website spoofing
- Enable Safe Browsing in your Web browser. All major browsers, including Brave, support this feature, which can warn you if you’re about to visit a known phishing site.
- Use a password manager. A password manager won’t enter login credentials for a legitimate site into a spoofed URL. The login will simply fail and you’ll be notified.
- Before clicking a link, check the URL for correct spelling. For example, make sure you’re clicking example.com rather than exampel.com. Better yet, type the URL into the browser directly and don’t click links at all.
- If you do click a link, check the website for authenticity. Do the logos or the colors look off? Is the layout or font choice overly simplified?
- Check the browser address bar for “https://” (not “http://”).
Caller ID spoofing
Also called “neighbor spoofing,” this attack manipulates the caller ID system to display a local phone number, or the name of a known business or agency. When a recipient answers, they might hear a live person or a recorded message, but in either case the call is designed to catch people off guard and get them to react quickly before they can evaluate authenticity. The end goal of caller ID spoofing is often to steal money or personal data.
How to defend against caller ID spoofing
- If you don’t recognize the number on your caller ID, don’t pick up—let the caller leave a message.
- If you do pick up and realize it’s spam, don’t engage by speaking to the person or pressing numbers on your dialpad. Just hang up immediately.
- If the call claims to be a business or agency but you’re suspicious, don’t provide any info. Instead, hang up and call the business back using a number from a legitimate source, like an official website.
- You can block some of these calls by using tools available through your phone service. Some service providers automatically block robocalls, but they’re a moving target and providers can’t block everything.
Text message spoofing
Part of a pretexting scam in which the name of the text sender is faked to look like it’s from a familiar person or business. As with other spoofs, the goal is to get a recipient to read a message and provide personal info, or click a link to a spoofed website.
How to defend against text message spoofing
- Don’t reply directly to a suspicious text. If the text appears to be from someone you know, text them directly using the contact info stored in your phone. If the text appears to be from a business, call the business directly and speak with someone there.
- Don’t click links provided in text messages, especially ones that ask you to reset your password. If you’re not sure if the message is legitimate, visit the website by typing the correct URL directly into your browser.
File extension spoofing
Spoofed file extensions look safe, but actually install malware. The file name may appear harmless, something like “funphoto.jpg” or similar. However, the name is actually a spoof that disguises a harmful “.exe” file, an executable that installs malware when it runs.
How to defend against file extension spoofing
- Be careful about any attachments or links to cloud files, even ones that look safe. If you don’t know the sender, don’t open any attachments.
- Make sure you’re viewing the entire file name, and not one truncated based on software settings.
- If the sender appears familiar, but you weren’t expecting a file from this sender, contact them (using contact info from your address book) to ask if they sent something.
- Keep antivirus software on your device updated to protect against .exe files being executed (in case you accidentally download one).
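To show why viewing the entire file name matters, the following compares the name a file manager displays when it hides known extensions with the real extension and with the file's leading bytes. This is an added example, not part of the original page; the function names and the sample byte strings in the test are constructed, and the format table is illustrative rather than complete.

```python
import os

# Leading bytes ("magic numbers") of a few common formats.
MAGIC = [
    (b"MZ", "exe"),                 # Windows executable
    (b"\xff\xd8\xff", "jpg"),       # JPEG image
    (b"\x89PNG\r\n\x1a\n", "png"),  # PNG image
    (b"%PDF-", "pdf"),              # PDF document
]


def sniff(data):
    """Guess the real type from the first bytes of a file, or None."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return None


def inspect_attachment(filename, data):
    """Compare the name a user would see with what the file really is."""
    stem, ext = os.path.splitext(filename)
    ext = ext.lower().lstrip(".")
    inner = os.path.splitext(stem)[1].lower().lstrip(".")
    actual = sniff(data)
    findings = []
    if ext == "exe" and inner:
        # "funphoto.jpg.exe" is displayed as "funphoto.jpg" when the
        # file manager is set to hide known extensions.
        findings.append("double extension hides .exe")
    if actual == "exe" and ext != "exe":
        findings.append("content is a Windows executable but name says ." + ext)
    return {
        "shown_if_extensions_hidden": stem if ext else filename,
        "real_extension": ext,
        "content_type": actual,
        "findings": findings,
    }
```
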
Man-in-the-middle attacks
A spoof where a malicious person puts themselves between a person and another person or website. The goal is to intercept shared info, or manipulate the parties into disclosing info. One common man-in-the-middle attack is to set up a fake public Wi-Fi network with a similar name to a trusted network (e.g. “caffee-WiFi” instead of “cafe-WiFi”). By using the spoofed Wi-Fi, the target exposes all their internet activity to the spoofer. The spoofer can simply collect the info (like a username and password) and use it to access an intended website, or even alter the info before it’s sent.
How to defend against man-in-the-middle attacks
- Make sure you’re choosing the correct Wi-Fi network.
- If you’re using a Wi-Fi network that isn’t password protected, use a VPN connection for extra security.
- When on public Wi-Fi, don’t share personal information via email or text, and make sure websites have a certificate (indicated by a lock icon in the URL or address bar) before entering any personal info on them.
Other kinds of spoofing
A few other types of spoofing are either less common or tend to target larger entities rather than individuals. These include:
- IP address: The spoofer disguises their true location by using a false IP address. This might be done to appear as if they’re already on the target network. This false location isn’t blocked by the network security, so the spoofer gets access to the network.
- Geolocation: The hacker uses a VPN to pretend they’re located somewhere other than their true location. This spoof is often used to circumvent content access limitations, such as streaming content that’s only accessible in a certain area.
- DNS: The hacker changes the data on the DNS table that routes Internet requests, redirecting traffic from a legitimate website to their spoof copycat website. This may also happen locally—a virus can install a false domain name mapping on your computer’s hard drive (in the “hosts” file). By default, any IP address mapping in the “hosts” file is used in place of the DNS table information.
- ARP (address resolution protocol): Similar to a DNS attack, but the rerouting occurs within a local network.
- GPS: Signals of a navigation system like GPS are falsified to make someone look like they’re somewhere else, or as if they traveled a different route. This might be used for warfare, theft of services (ride and delivery apps), or even to cheat at sports or games.
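Because a mapping in the “hosts” file is used in place of DNS, as the DNS item above notes, reviewing that file is a quick local check. This is an added example, not part of the original page; it parses the file's text and lists every entry that overrides DNS for a real domain. The function name, the `LOCAL_NAMES` set and the sample content are constructed for illustration.

```python
import ipaddress

# Names that normally appear in a default hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}

# Constructed sample of hosts-file content.
SAMPLE = """\
# constructed sample
127.0.0.1   localhost
::1         localhost ip6-localhost
0.0.0.0     ads.tracker.test
203.0.113.7 example.com www.example.com  # added by unknown software
"""


def suspicious_hosts_entries(hosts_text):
    """Return (line_no, ip, hostname, kind) for entries overriding DNS."""
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # not a valid mapping line
        for name in names:
            name = name.lower()
            if name in LOCAL_NAMES or "." not in name:
                continue
            # Loopback or 0.0.0.0 targets only block a name (common in
            # ad-blocking lists); any other address sends traffic elsewhere.
            blocked = addr.is_loopback or addr.is_unspecified
            hits.append((line_no, ip, name, "sinkhole" if blocked else "redirect"))
    return hits
```

On a real machine, pass in the contents of the system's hosts file and investigate any "redirect" entry you did not add yourself.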