What is Spoofing, How Does It Work, and How to Protect Yourself?

Spoofing is a cyber attack in which an attacker pretends to be a trusted entity (an acquaintance, a website we regularly visit, and so on) by using names and/or addresses known to us. It is carried out with various tools, including emails, telephone numbers and certain network protocols such as ARP and DNS. Recognizing a spoofing attempt may not be easy but, with the right amount of attention, it is absolutely possible. In this article we take a closer look at what spoofing is and how to protect yourself.

What is “spoofing” and what does it consist of?

Spoofing (literally “deception”) is a type of cyber attack that can take various forms and can be carried out in countless ways. Regardless of the methods cyber criminals adopt, every spoofing attack shares one distinctive element that makes it particularly insidious: it exploits the trust of potential victims to access data, spread malware, steal money and pursue other malicious goals, all behind a deception that is, at first, anything but obvious.

Before achieving their goals, the cybercriminal identifies the victim to target, analyzes the target domain or network and then makes a first attack attempt. The main ways in which spoofing is carried out are summarized in the following points.

  • Email Spoofing: In this case, the criminal disguises the sender name on the messages they send via email. To prevent the most astute users from noticing something strange in the sender’s address, criminals who resort to email spoofing usually modify the address by changing a few characters to maximize the chances of success.
  • Caller ID or SMS Spoofing: A skilled spoofer (the term for cyber criminals who use the spoofing technique) can change the way their number appears to the victims they contact, so that they believe the call is coming from a known number (for example, the “official” number of the bank). The criminal will then use the number disguised with the fake caller ID to request confidential information from the potential victim (for example, using the excuse of having to carry out some security checks on their home banking account).
  • Website Spoofing: A spoofer can create a fake website that looks exactly like the one used by a certain company (for example, a website for booking flights and hotels) or a certain organization, so as to make the victim believe that there is no problem in providing the website in question with confidential information, such as their username and password or their payment information.
  • IP Spoofing: In this case, the spoofer attempts to hide the identity of a client or server, deceiving victims into believing that the data they are sending or receiving comes from a trusted source by simulating the IP address of another device.
  • DNS Server Spoofing: This attack method is particularly insidious and allows data traffic to be redirected to destinations other than those requested by the victim’s browser. The criminal can compromise a DNS server by modifying its name-to-address tables. In simple terms, this means that when a user looks up a site, they are redirected to a “fraudulent version” of it, created ad hoc by the criminal to steal login credentials, payment data, etc.
  • ARP Protocol Spoofing (Address Resolution Protocol): With this technique, a spoofer makes their computer appear to be a member of a local network (the so-called LAN), thus infiltrating it and using this position to pursue their malicious goals.

How to protect yourself from spoofing

To defend yourself from spoofing, the first step is to understand how the various attack methods are carried out, which is what you have just done by reading the points in the previous section.

The second step is to become a more attentive Internet user. If, for example, you receive an email from a seemingly known address, do not overlook potentially “strange” requests, such as clicking on links or downloading attachments that you did not request. Dig deeper by clicking on the sender’s name to see the email address the message is actually coming from. If the email appears to be “authentic”, check that there are no small modifications made “ad hoc” by the spoofer. For example, if instead of receiving a message from the address [email protected] belonging to one of your contacts you receive it from the address [email protected], it is highly likely that you are the target of a spoofing attempt: do not open any links or attachments in the message in question.

As for possible attempts at Caller ID spoofing, if you are asked for personal information over the phone by a person identifying themselves as an operator of your bank or any other institution, do not provide any data over the phone (unless you contacted the institution for assistance). If you receive calls of this type, hang up immediately, contact the institution’s customer care via the dedicated number and report the incident. Use the same approach with suspicious SMS messages that ask you for the same information in text form.

Before entering your login details on a website, always check the URL in the address bar of your browser and pay attention to possible spelling errors in the address: watch out, for example, for the “l” replaced with the number “1”, the “m” replaced with the “n”, or other similar substitutions. Before providing payment data or login data, also always make sure that the site you are connected to uses the HTTPS protocol (HyperText Transfer Protocol over Secure Socket Layer) instead of the old HTTP protocol.
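
The sender-address and URL checks described above (a domain altered by a few characters, “l” swapped for “1”, “m” for “n”, and HTTPS on login pages) can also be automated. The Python sketch below is an added example, not part of the original article; the trusted-domain list, the sample addresses and the function names are constructed for illustration, and only exact matches against the list count as trusted.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed allow-list (assumption): domains this user really deals with.
TRUSTED = {"examplebank.com", "example.org"}

# Swaps named in the article ("l"/"1", "m"/"n"); "0"/"o" is an added common one.
FOLD = str.maketrans({"1": "l", "n": "m", "0": "o"})


def domain_of(value: str) -> str:
    """Extract the host from a URL, or the domain part of an email address."""
    value = value.strip()
    if "://" in value:
        host = urlsplit(value).hostname or ""  # ignores any user@ prefix in the URL
    else:
        host = value.rsplit("@", 1)[-1]
    return host.lower().rstrip(".")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(value: str) -> Tuple[str, Optional[str]]:
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain)."""
    domain = domain_of(value)
    if domain in TRUSTED:
        return "trusted", domain
    for good in sorted(TRUSTED):
        same_shape = domain.translate(FOLD) == good.translate(FOLD)
        # A lookalike is visually identical after folding, or one edit away.
        if same_shape or edit_distance(domain, good) <= 1:
            return "lookalike", good
    return "unknown", None


def safe_to_enter_credentials(url: str) -> bool:
    """Both website checks from the article: exact trusted host and HTTPS."""
    return urlsplit(url.strip()).scheme == "https" and classify(url)[0] == "trusted"
```

A “lookalike” verdict names the trusted domain being imitated, which is the case the article says to treat as a spoofing attempt; “unknown” only means the domain is not on the list.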