What Is Spoofing? The Top 5 Examples

SoftwareLab Blog

BY: Tibor Moes / Updated: February, 2019

What is Spoofing?

Spoofing is an act of impersonation. A hacker will pretend to be a person or company known to and trusted by the recipient. Spoofing is used to gain access to sensitive data or to use computational resources to carry out cyber attacks. Read on to learn about the main types of spoofing attacks.

What you will find out in this article: 

  1. What Is Spoofing?
  2. What Types of Spoofing Exist?
  3. Examples of Spoofing Attacks
  4. How to Prevent a Spoofing Attack

Spoofers can infect your computer with malware and use it to monitor your activity, access your files, and turn you into a bot. Take a look at our comparison of the best antivirus software and protect yourself from spoofing attacks.

Tibor Moes

Founder, SoftwareLab

Spoofing

Deception is about as old as humanity itself. For as long as there have been people, there have also been fraudsters trying to take advantage of other people’s inexperience, ignorance, and gullibility. Although their techniques are similar, the hoaxers of yesteryear have nothing on today’s hoaxers.

Nowadays, fraudsters are combining age-old deception methods with modern technology to create a brand new beast – spoofing. Merriam-Webster’s dictionary defines spoofing as the act of making good-natured fun of a particular subject, but there’s nothing fun about online spoofing.

What is Spoofing?

Spoofing is a fraudulent act in which communication from an unknown source is disguised as being from a source that is known to and trusted by the recipient. A spoofing attack occurs when a person (referred to as a spoofer) pretends to be someone else in order to trick their target into sharing their personal data or performing some action on behalf of the spoofer. The spoofer will often take time and make an effort to build trust with their target, thus ensuring that they will share their sensitive data more easily.

As a type of impersonation carried out via technological means, spoofing can take on many forms. In its most primitive form, spoofing refers to impersonation via telephone. For example, when a caller on the other end falsely introduces themselves as a representative of your bank and asks for your account or credit card info, you are a victim of phone spoofing. To make their fake calls seem more believable, spoofers have also started using software to fake caller IDs, an act known as phone number spoofing.

The most sophisticated forms of spoofing, however, are taking place online. In most cases, they involve the sending of fraudulent emails to unsuspecting targets, but may also include the spoofing of devices and addresses. Regardless of their type, most spoofing attacks are malicious. The attackers behind them usually aim to gain access to the victim’s personal data, distribute malware, access private networks, create botnets for the purpose of carrying out cyber attacks, or cause financial losses to the victim.

Spoofing isn’t illegal in itself, as you might sometimes need to fake your phone number, your IP address, or even your name to protect your identity and be able to access certain services that may otherwise be unavailable in your location. However, it is illegal to use spoofing to defraud someone and engage in criminal activity. Depending on the severity of their attack, spoofers may be fined and/or sentenced to prison. They may also have to compensate their victim for any losses suffered as a result of the attack.

What Types of Spoofing Exist?

Cybercriminals employ a variety of methods and techniques to carry out spoofing attacks and steal their victims’ sensitive information. Some of the most common types of spoofing include the following:

  1. Email Spoofing

Email spoofing is the most prevalent form of online spoofing. As in phishing, spoofers send out emails to multiple addresses and use official logos and header images to falsely introduce themselves as representatives of banks, companies, and law enforcement agencies. The emails they send include links to malicious or otherwise fraudulent websites and attachments infected with malicious software.

Some spoofers may also use social engineering techniques to trick the victim into disclosing information voluntarily. They will often create fake banking or digital wallet websites and link to them in their emails. When an unsuspecting victim clicks on that link, they will be taken to the fake site where they will have to log in with their information, only to have that info sent to the spoofer behind the fake email.

  2. DNS Spoofing

Every computer and every website on the internet is assigned its own unique IP address. For websites, this address is different from the standard “www” internet address that you use to access them. When you type a web address into your browser and hit enter, the Domain Name System (DNS) quickly finds the IP address that matches the domain name you entered and redirects you to it. Hackers have found ways to corrupt this system and redirect your traffic to malicious websites. This is called DNS spoofing.

Also known as DNS cache poisoning, this method is used by cybercriminals to introduce corrupt DNS data on the user’s end, thus preventing them from accessing the websites that they want to access. Instead, no matter what web address they type in, the user will be redirected to the IP addresses defined by the hacker, which most often host malicious software or fake forms that harvest the victim’s personal data.

  3. IP Spoofing

As the name suggests, IP spoofing refers to the use of a fake IP address by the sender to either disguise their real identity or to carry out cyber attacks. The sender assumes an existing IP address that doesn’t belong to them in order to send out IP packets to networks they otherwise wouldn’t have access to. Since they’re coming from a trusted address, the security system on the recipient’s end will see the incoming packets as part of normal activity and won’t be able to detect the threat until it’s too late.

Not all instances of IP spoofing are malicious. Virtual private network (VPN) technology is based on IP spoofing, but its main purpose is to protect the users’ identity, allow them to access content that is otherwise blocked due to internet censorship, and prevent cyber attacks while on a public Wi-Fi connection. Although some countries like China and Turkey have outlawed the use of VPNs, it is legal in most countries of the world as long as it’s not used to engage in cybercriminal activities.

  4. DDoS Spoofing

DDoS spoofing is a subtype of IP spoofing used by hackers to carry out distributed denial-of-service (DDoS) attacks against computers, networks, and websites. The attackers use various techniques to scan the internet for computers with known vulnerabilities and use these flaws to install malicious software. This allows them to create botnets, armies of “robot” computers, all remotely controlled by the hacker.

Whenever they want, the hacker can activate all the computers in their botnet and use their combined resources to generate high levels of traffic to target websites and servers in order to disable them. Each of these computers has its own unique IP address. Considering that botnets can comprise a million or more computers with as many unique IPs, tracing the hacker’s actual IP address may prove impossible.

  5. ARP Spoofing

Every internet-connected device has its own Media Access Control (MAC) address that is linked to the device’s unique IP address via the Address Resolution Protocol (ARP). Cybercriminals can hack into their target’s local area network and send false ARP data. As a result, the hackers’ MAC address will become linked to the target’s IP address, thus giving them insight into their target’s incoming traffic.

Hackers opt for ARP spoofing to intercept sensitive data before it reaches the target computer. They may also modify parts of the data so that the recipient can’t see them, while some hackers will stop the data in transit, thus preventing it from reaching the recipient. ARP spoofing attacks can only be carried out on local area networks that use ARP. In addition, the hacker must first gain access to the local area network.

Examples of Spoofing Attacks

Some of the best-known examples of spoofing attacks include the following:

  • In 2006, unknown hackers carried out a major DNS spoofing attack – the first of its kind – against three local banks in Florida. The attackers hacked the servers of the internet provider that hosted all three websites and rerouted traffic to fake login pages designed to harvest sensitive data from unsuspecting victims. This allowed them to collect an undisclosed number of credit card numbers and PINs along with other personal information belonging to their owners.
  • In June 2018, hackers carried out a two-day DDoS spoofing attack against the website of the American health insurance provider, Humana. During the incident, which was said to have affected at least 500 people, the hackers managed to steal complete medical records of Humana’s clients, including the details of their health claims, services received, and related expenses.
  • In 2015, unidentified hackers used DNS spoofing techniques to redirect traffic from the official website of Malaysia Airlines. The new homepage showed an image of a plane with the text “404 – Plane Not Found” superimposed over it. Although no data was stolen or compromised during the attack, it blocked access to the website and flight status checks for a few hours.

How to Prevent a Spoofing Attack

While you can’t prevent others from trying to impersonate known contacts or IP addresses to gain access to your network and personal information, there are things that you can do to avoid becoming a victim of spoofers. As a rule, a combination of safe browsing habits and the best antivirus software is the only surefire way to prevent hackers from taking control of your data and your computer.

Your sensitive information – including passwords, credit card info, and Social Security number – should only be shared via secure forms on encrypted websites that use HTTPS. If anyone sends you an email asking for this information, don’t respond to them. Check the sender address of any suspicious-looking email you receive before clicking on links or downloading attachments contained in it. If any of the websites you normally visit are acting differently, don’t click on any links or fill out any forms on them.

Hackers often use different spoofing techniques to install malware on your computer, which is why you need to use the best antivirus software to protect your files. A good antivirus program will provide real-time protection against viruses, worms, Trojans, and all other types of malicious software. To ensure optimal security, some of these programs will alert you whenever you try to access a suspicious website.