Spoofing is when a hacker pretends to be someone known by a person or network in order to access sensitive information, often in pursuit of financial gain. Spoofing can also happen on a deeper technical level, such as with DNS or IP address spoofing. Learn what spoofing is, how spoofing works, and how you can defend against these attacks.
This article contains:
No matter which type of spoofing is used, the basics are always the same: The hacker deceives their victims by pretending to be someone they are not. To understand how spoofing works, think of the classic Wolf in Sheep’s Clothing. The wolf — in this case, our spoofer — dresses up as a sheep, and by doing so, is welcomed as a friend by the other sheep.
Once the hacker has obtained the victim’s trust, the danger becomes apparent. Email and phone spoofers manipulate their victims into turning over sensitive personal information, which can lead to financial fraud or identity theft. Hackers frequently use email spoofing to ensnare victims in phishing campaigns.
Other types of spoofing tend to be targeted at networks rather than individuals, with the goals of spreading malware, stealing data, bypassing security systems, or laying the groundwork for subsequent attacks.
Because spoofing can be used in such a wide variety of ways, it can be a challenge to spot every attack. This is why it’s so important to equip yourself with strong, reliable internet security. Avast Free Antivirus constantly scans for incoming threats and keeps you protected against the phishing and malware attacks that spoofers love.
Phishing scams involve “luring” victims in with bait — such as fake emails — and tricking them into providing sensitive personal data that can then be used for identity theft.
As mentioned, there are several different types of spoofing. Spoofing at the DNS or IP address level is completely different than phishing, as it involves using technical means to trick a computer or network. Email spoofing and phishing are very similar and are frequently used together.
Recall that spoofing attacks make it appear as though the hacker’s communications are coming from a trusted source. Since the goal of phishing is to fool victims into disclosing sensitive personal information, many phishers use spoofing to help trick their victims into believing their email is legitimate.
Some phishers mass-mail their fraudulent emails to as many targets as possible, without going through the extra trouble to spoof a trusted source. As a result, most of these emails wind up exactly where they belong: in the spam folder.
More clever hackers will use spoofing to make their phishing email much more believable, and therefore more likely to succeed. Let’s find out how this happens.
Email spoofing is when a hacker creates and sends emails from a forged email address that their intended victim will recognize, such as one used by their bank. In corporate settings, hackers may impersonate high-ranking executives or business partners and request inside information from employees. In early 2019, Mumbai-based paint company Asian Paints fell victim to a massive email spoofing attack in which the hackers pretended to be one of the company’s suppliers.
Email spoofing is a common hacking practice due to the way email is designed. It is an open and relatively unsecured system that allows people around the world to easily send messages to each other. Unfortunately, this openness also leaves it open to abuse by malicious actors like spoofers. There are even email spoofing websites out there that allow hackers to quickly spoof emails online.
The good news is that spoofing can be stopped, if you know what to look for. Below, we outline several telltale signs that can help you detect an email spoofing attack:
Generic email domain: Emails from financial institutions and other companies will be sent from their official domain. If you’ve received an email that looks real, but that’s coming from an address at a free email provider — such as email@example.com — you might be dealing with a spoofer.
Generic greeting: Most companies will refer to you by name. Be skeptical of emails that open with “Dear customer” or that address you by your email username.
Request for personal information: Companies and employers already have all of your information that they need. They shouldn’t email you to request things like your user credentials or credit card information.
Strange attachments: Some spoofers will attempt to slide through your spam filters by placing the malicious content of their email in an attachment. Be especially on-guard for .HTML or .EXE attachments, as these may install malware on your device. Always avoid unknown attachments and links when you receive a suspicious email.
Mistakes and inconsistencies: Does the sender’s name match the email address they used? Are there any spelling or grammatical errors in the content of the email? Is your name spelled correctly? Legitimate companies won’t make these types of careless typos in the emails they send to their customers.
Forced urgency: Spoofers want you to make snap decisions before you’ve had time to think things through, which is why they pour on the pressure. Your account will be closed! You’re going to be fined! The government is going to sue you! The more panic the hacker can induce, the higher the chances of their victim falling for the scam.
URL typos: Many spoofers try and fool victims into visiting spoofed versions of entire websites. They’ll attempt to pass their site off as the real thing by using a few “clever” spelling tricks, such as replacing a lowercase L with a capital I, or by using a different domain extension.
This hypothetical spoofed email bears many of the warning signs you’ll see in real ones: an illegitimate email address, a generic greeting, a request for personal information, and an artificial sense of urgency.
IP spoofing happens at a deeper level of the internet than email spoofing. When a hacker uses this technique, they’re messing with one of the web’s basic protocols. Every device that connects to the internet does so from an IP address, a string of numbers that tells other devices where it is. When your device sends information into the internet, it does so in a series of packets, and each packet contains your device’s IP address. This way, every device on the internet knows who is saying what.
Many closed networks are configured to only accept packets from a pre-approved range of IP addresses. This is a security measure to prevent unknown devices from getting inside. A hacker can use an IP spoofing attack to change the IP address of their device and fool one of these networks into opening up the doors. You can hide your IP address to prevent hackers from disguising themselves as you.
IP spoofing is especially popular for DDoS attacks, where a hacker overloads a network by flooding it with incoming traffic. It’s easy for the target to block traffic from a single IP address, but with IP spoofing, the hacker can make their traffic appear as though it’s coming from multiple sources. This makes it much more difficult for the target to respond.
ARP spoofing: This allows a hacker to infiltrate a LAN by masking their computer as a network member. Hackers use ARP spoofing to steal information with Man-In-the-Middle attacks. The hacker secretly intercepts a conversation and impersonates both participants, thereby collecting all the information being discussed.
DNS spoofing: Also known as DNS cache poisoning, this technique diverts victims from one website to another. The hacker will “poison” the target website’s listing in a DNS server by changing its associated IP address to one of their choosing, which then redirects victims to fraudulent websites that harvest personal data or download malware onto their computers. This is a common technique in pharming attacks.
Website spoofing: When a hacker creates a fake version of a real website, they’re performing website spoofing. The replica sites look just like the real thing, and when users log in, the hacker obtains their credentials.
Caller ID spoofing: This one is popular with robocallers because they can make their calls appear as though they are coming from either a trusted number or specific geographic region. Once the victim answers the phone, the attacker will attempt to convince them to divulge sensitive information. Caller ID spoofing can also be used to send spoofed text messages.
GPS spoofing: Some people may seek to misrepresent their physical location in the world by faking their GPS coordinates. Any mobile app that relies on smartphone location data is a potential target for GPS spoofing attacks.
Spoofing attacks can come in so many different shapes, it’s understandable if you’re feeling overwhelmed. Learn how spoofing can be prevented with these helpful tips:
Stay sharp: Remain vigilant against the most common types of spoofing. Be on your guard for the signs of a spoofing attack, and you’ll have a much lower chance of getting fooled.
Call to confirm: If you’re being asked to submit personal information, such as a password or credit card number, call the sender to confirm — using the contact number listed on their real website. Manually enter their URL into your browser, check the website for signs of website spoofing, and don’t click any links in the suspicious email you received.
Be wary of strange attachments: Never open attachments that you aren’t already expecting to receive, especially if they have abnormal file extensions.
Regularly change your passwords: If a spoofer manages to obtain your login credentials, they won’t be able to do much damage if you already have a new password. Create strong passwords that are hard for others to guess, and use a password manager to store them securely.
Check before you click: Hover over any links before clicking through so that you’ll know ahead of time where you’re going. If you do decide to click, confirm the URL after the page loads to ensure you weren’t redirected.
Report spoofing attempts: If you’ve received a spoofed email or other communication, let the supposed sender know that they’ve been spoofed. This can help to prevent future spoofing attacks. Most companies will have a page on their website where you can report spoofing and other security issues.
You don’t have to go it alone. Avast Free Antivirus includes multiple advanced features that work in concert for real-time threat detection. With our Web Shield and Email Shield at your side, you’ll be protected against the phishing emails and websites spoofers love to create. Stay safe online with the free antivirus solution trusted by millions of people worldwide.