- Spoofing is a cyber attack that involves a bad actor disguising their identity as one from a name or address you know and trust online.
- Spoofing can be done to disguise email addresses, phone numbers, or more advanced systems like an ARP or DNS.
- There are several ways to detect spoofing, some as easy as poor grammar and spelling.
- Visit Insider’s Tech Reference library for more stories.
Considering how much of our personal information is online, we should take every precaution to make sure it stays out of the hands of people who would abuse it.
While phishing scams have plagued us for nearly as long as we’ve had phones and email, spoofing takes bad actors trying to get our private information to a new level.
What is spoofing?
Spoofing is a cyber attack that works like an online Trojan horse; it uses a familiar name or contact information to gain important private information from you, or to spread
. More sophisticated than claiming to be from somebody or some company you know, spoofing allows the bad actor to disguise their identity as one you trust.
For example, it can allow the person to make a text or call look like it’s from a number you recognize, or send an email address disguised as a familiar company. Spoofers can make themselves look like your bank, your credit card credit company, and can even appear from an
or Domain Name System (DNS) you or your system recognizes.
For example, let’s say you do business with hotels and you get an email from email@example.com asking for credit card information for a recent stay one of your clients had. This is phishing because the @gmail handle makes it pretty obvious that this email didn’t come from Marriott.
Email spoofing, however, is more elevated. It would allow the same person to send you an email that looks like it’s from firstname.lastname@example.org. Some spoofers are even sophisticated enough to know who you likely worked with at that hotel chain so it will look like it’s somebody you do business with and who may need your credit card information. Or they may send you an attachment claiming to be an invoice. When you open it, a virus is launched into your system, or worse.
Types of spoofing
The above example is one form of spoofing. There are many different ways spoofers can disguise their identity and get past your defenses.
- Email spoofing: As explained above, this is a common method of spoofing. They can disguise the sender name, though clicking on the address should reveal the actual sender. They may also misspell just one letter so you don’t see it upon first glance. Then when you click a link, send information, or open an attachment, it corrupts your computer.
- Caller ID spoofing: A spoofer can change how their number appears so that it looks like it’s from a geographical location regardless of where they’re calling or texting from. Another is to create a fake number that displays on caller ID and is similar to a number used by a known contact. They will call or text asking for private information.
- Website spoofing: A spoofer can create a fake website that looks similar to one used by a legitimate company. This website will have you write information, such as your username and password for the legitimate website, and then have access to your account.
- DNS server spoofing: This reassigns a website’s DNS server to point to an IP address of their choosing. When you click on the website, you will be redirected to a fraudulent one.
- IP spoofing: This hides the internet protocol, or IP address, of a computer, thus hiding the location of the computer. One way to use it is to gain access to systems that identify IP addresses. Another way is to overload a network with traffic and make it look like it’s coming from various IP addresses. In the ensuing chaos, the spoofer gets in.
- Address Resolution Protocol (ARP) spoofing: In this technique, a spoofer gets into a local network by making their computer look like a member of the network, and thus infiltrate the local area network (LAN).
How to detect spoofing
Spoofing may be a sophisticated tool of spammers but there are several telltale signs for each form. One obvious sign is regular misspellings and poor grammar, which indicate that the email did not come from a reputable company. Also, if you regularly change your passwords and utilize trusted browsers and security software, you help strengthen your defenses.
There are several ways to detect spoofing specific to the individual types of spoofs.
- Email spoofing: While the spoofers can make their email look like it’s from a known contact, they can’t change their actual email. Clicking on the name will reveal the actual email address. Also, often the email will be the same except for a rearrangement of a letter. For example, it may say email@example.com versus firstname.lastname@example.org. And never open attachments or click on links unless you are 100% sure it came from somebody you know.
- Caller ID spoofing: If you receive a call from a number you don’t recognize, don’t answer it. If you do answer and they ask for personal information, hang up and call a number connected to a certified source. For example, if they call claiming to be from your credit card, call a number from your most recent credit card statement.
- Website spoofing: Double-check the URL. There may be a misspelling somewhere (they may exchange an “l” for an upper-case “i,” for example). These websites are usually put together with less attention to detail than a reputable company’s website.
- DNS server spoofing: The website spoofing tips will help here.
- ARP spoofing: This can be defended against by a dedicated cybersecurity person or staff to monitor the LAN. Also, regularly changing data and passwords can prevent infiltrators from having information that will be used long enough to cause much damage.