academy
Security
Security
See all Security articles
Privacy
Privacy
See all Privacy articles
Performance
Performance
See all Performance articles
Select language
Select language
Avast Academy Security Other Threats What Is Spoofing and How Can I Prevent it?

What Is Spoofing and How Can You Prevent it?

Picture this: You receive an urgent email from your bank with a link, and you click it — just like that, you’ve become the victim of a spoofing attack. Keep reading to learn what spoofing is, what types of spoofing to watch out for, and how strong antivirus software can help you defend against spoofing attacks.

Spoofing-Hero

What is spoofing?

Spoofing is a cybercrime that happens when someone impersonates a trusted contact or brand, pretending to be someone you trust in order to access sensitive personal information. Spoofing attacks copy and exploit the identity of your contacts, the look of well-known brands, or the addresses of trusted websites.

Hamburguer menu icon

This article contains:

    Spoofing relies on a hacker’s ability to pass themselves off as someone or something else. Some attackers disguise their communications — such as emails or phone calls — so that they appear to be coming from a trusted person or organization. With these types of spoofing attacks, hackers try to trick you into exposing sensitive personal information.

    Spoofing attacks can also happen on a more technical level, through DNS or IP address spoofing. Spoofing in network security involves fooling a computer or network by using a falsified IP address, redirecting internet traffic at the DNS (Domain Name System) level, or faking ARP (Address Resolution Protocol) data within a local access network (LAN). Keep reading to learn more about IP spoofing attacks.

    How does spoofing work?

    Spoofing works like this: A hacker deceives victims by pretending to be someone or something they’re not. Once the hacker gains the victim’s trust, the danger is imminent. Email, phone, and SMS spoofers trick victims into turning over personal information, which can lead to financial fraud or identity theft

    Hackers often use email spoofing to ensnare victims in phishing scams. Other types of spoofing target networks rather than individuals, with the goal of spreading malware, stealing data, bypassing security systems, or preparing for subsequent attacks.

    Because spoofing is based on deception, preventing and detecting spoofing attacks can be challenging. That’s why it’s so important to protect yourself with strong, reliable internet security. Avast Free Antivirus constantly scans for incoming threats and keeps you protected against the kinds of phishing and malware attacks that spoofers love.

    Spoofing vs phishing — what’s the difference?

    The difference between spoofing and phishing is that while spoofing uses someone else’s identity, phishing attacks try to access sensitive information. Typical phishing scams involve luring victims with bait — like spoofed emails — and tricking them into providing personal data that can be used for identity theft.

    Spoofing attacks make it appear as though the hacker’s communications can be trusted, because they mimic the look and feel of trusted sources. Many phishers use spoofing to trick their victims into believing their email is legitimate. This kind of manipulative social engineering is how phishing scams convince you to disclose personal information.

    As mentioned, there are several different types of spoofing. Spoofing at the DNS or IP address level is different from phishing, because it uses technical methods to trick a computer or system. For example, typosquatting is a kind of spoofing attack that uses common mistakes people make when entering URLs to fool them into thinking they’re visiting the intended website. 

    But, email spoofing and phishing are very similar and are frequently used together.

    An illustration showing how spoofing emails trick victims with social engineering techniques

    Clever hackers use spoofing to make their phishing emails or SMS messages more believable, and so more likely to succeed. Let’s find out how this happens.

    Types of spoofing

    Spoofing refers to any cybercrime in which hackers impersonate a trusted source — and there are many different ways hackers use spoofing to carry out their attacks. Different types of spoofing target different channels or victims, but all types of spoofing aim to exploit vulnerabilities and take advantage of your trust. 

    Here are several of the most common spoofing attack types.

    What is email spoofing?

    Email spoofing is when a hacker creates and sends emails from a forged email address that their intended victim will recognize, like one used by their bank. In corporate settings, hackers may impersonate high-ranking executives or business partners and request inside information from employees.

    But how does email spoofing work, and how do spoofers get away with it? Email is an open and relatively unsecured system that lets people easily send and receive messages. Unfortunately, this openness also leaves email vulnerable to abuse by malicious actors like spoofers.

    There are even email spoofing websites that help hackers quickly spoof emails online. In early 2019, Mumbai-based paint company Asian Paints fell victim to a massive email spoofing attack in which the hackers pretended to be one of the company’s suppliers.

    The good news is that your email’s spam filter can be trained to recognize spam and other shady emails. And if that doesn’t work, spoofing can be stopped if you know what to look for.

    Here are some common email spoofing warning signs that can help you detect and prevent an email spoofing attack:

    • Generic email domain: Emails from financial institutions and other companies are sent from their official domain. If you receive an email that looks real but that’s coming from an address at a free email provider — such as yourbankname@yahoo.com — it might be a spoof email.

    • Generic greeting: Most companies will refer to you by name. Be skeptical of emails that open with “Dear customer” or that address you by your email username. 

    • Request for personal information: Companies and employers should have all of your information that they need. They shouldn’t email you to request things like user credentials or credit card information. If this happens, it could be a phishing scam using spoofing techniques.

      An example of a spoofed email with warning signs to look out for.

      Spoofed emails often include fake email addresses, generic greetings, requests for personal information, and an artificial sense of urgency.

    • Strange attachments: Some spoofers will use phishing attacks to try to get through spam filters by putting malicious content in an attachment. Look out for HTML or EXE attachments, because these may install malware on your device. Never click on unknown attachments or links when you receive suspicious emails.

    • Mistakes and inconsistencies: Does the sender’s name match the email address they used? Are there obvious spelling or grammatical errors? Is your name spelled correctly? Legitimate companies won’t include careless typos (hopefully!) in the emails they send to customers

    • Forced urgency: Spoofers want you to make snap decisions before you’ve had time to think things through. Your account will be closed! You’re going to be fined! The government is going to sue you! The more fear the hacker can induce, the higher the chances of their victim falling for the scam.

    • Spelling tricks: Many spoofers even try to fool victims into visiting spoofed versions of entire websites. They’ll attempt to pass their site off as the real thing by using a few clever spelling tricks, such as replacing a lowercase L with a capital I, or by using a different domain extension.

    • Typosquatting: Also known as URL hijacking or brandjacking, typosquatting takes advantage of common typos people make while entering web addresses into their browsers. Then, if you visit the fake address, you could end up on a malicious site.

    What is website spoofing?

    Website spoofing is when a hacker creates a fake website that looks like a legitimate one. When you log in, the hacker gets your credentials. 

    Malicious spoofers sometimes use a cloaked URL, which redirects you through their own system and collects your personal information. They can even disguise the true destination of the URL by inserting special control characters that contain a different meaning than the characters you see. Often, like in typosquatting, the URL is so similar to the intended address that you may not notice the difference.

    Spoofed websites are commonly linked within spoofed emails and phishing campaigns, so follow the email spoofing warning signs above to stay safe. 

    Spoofers aim at gaining your trust, whether through an urgent email, replicated website, or pilfered IP address. Some types of spoofing are easy to spot, like spoof calls from out-of-service numbers. False websites and other attacks are harder to detect.

    Avast Free Antivirus includes built-in features like Web Shield, which protects you from spoofed websites, and File Shield, which scans email attachments for malicious activity in real time. Install it today to start detecting and preventing those hard-to-spot types of spoofing.

    What is an IP spoofing attack?

    IP spoofing happens at a deeper level of the internet than email spoofing. When a hacker uses IP spoofing, they’re messing with one of the web’s basic protocols. Every device connects to the internet from an IP address, which is a string of numbers that tells other devices where it is. When your device sends and receives information, it uses data packets that can find your device’s IP address.

    Many closed networks are configured to accept packets only from a pre-approved range of IP addresses. This security measure prevents unknown devices from getting inside. A hacker can use an IP spoofing attack to change the IP address of their device and fool an otherwise secure network into letting them in. You can hide your IP address to prevent hackers from disguising themselves as you.

    IP spoofing is especially popular for DDoS attacks, where a hacker overloads a network by flooding it with incoming traffic. It’s easy to block traffic from a single IP address, but with IP spoofing, hackers can make traffic appear as though it’s coming from multiple sources. That makes it much more difficult for the target to respond.

    Other examples of spoofing

    icon_01_resrefhARP spoofing: Address Resolution Protocol (ARP) spoofing lets a hacker infiltrate a local network (LAN) by masking their computer as a network member. Hackers use ARP spoofing to steal information with man-in-the-middle attacks, where a hacker intercepts a conversation and impersonates both participants to collect the information being transmitted.

    icon_02_resrefhDNS spoofing: Also known as DNS cache poisoning, DNS spoofing diverts victims from one website to another. A hacker will poison a target website’s listing in a DNS server by changing its associated IP address to one of their choosing, which then redirects victims to fraudulent websites that harvest personal data or inject malware into their computers. DNS spoofing is a common technique in pharming attacks.

    icon_04_resrefhCaller ID spoofing: Because they can make their calls appear to be coming from a trusted number or specific geographic region, ID spoofing is popular with robocallers. Once a victim answers the phone, the attacker tries to convince them to divulge sensitive information. Caller ID spoofing can also be used to send spoofed or spam text messages.

    icon_05_resrefhGPS spoofing: Some people misrepresent their physical location by faking their GPS coordinates. Any mobile app that relies on smartphone location data is a potential target for GPS spoofing attacks.

    How to prevent spoofing

    Above, we’ve covered what spoofing means and how it works. Now check out our tips for spoofing prevention and learn how to protect yourself against spoofing attacks:

    • Stay sharp: Remain vigilant against the most common types of spoofing. Look out for common signs of a spoofing attack, and you’ll have a much lower chance of getting fooled.

    • Call to confirm: If you’re being asked to submit personal information, like a password or credit card number, call the sender to confirm — using the contact number listed on their real, actual website. Manually enter their URL into your web browser, check the website for signs of website spoofing, and don’t click any links in the suspicious email you received.

    • Be wary of strange attachments: Don’t open attachments that you don’t expect to receive, especially if they have unusual file extensions.

    • Hide your IP address: Get in the habit of hiding your IP address when surfing the web to prevent IP spoofing.

    • Regularly change your passwords: If a spoofer manages to obtain your login credentials, they won’t be able to do much if you already have a new password. Create strong passwords that are hard to guess, and use a password manager to store them securely.

    • Check before you click: Hover over any links before you click to verify the URL. If you do click, confirm the URL after the page loads to ensure you weren’t redirected. Stick to sites that use HTTPS encryption.

    • Report spoofing attempts: If you received a spoofed email or other communication, let the supposed sender know that they’ve been spoofed. This can help prevent future spoofing attacks. Most companies will have a page on their website where you can report spoofing and other security issues.

    • Use a dedicated secure browser: Switch to a browser that prioritizes security and privacy, and one that’s less vulnerable to hijacking attempts than common browsers.

    • Use strong antivirus protection: Many free antivirus programs include built-in features that detect threats in real time. Install trusted antivirus protection to further spoof-proof your device.

    Protect your data with proven antivirus software

    Spoofing attacks can happen to anyone. Thankfully, Avast Free Antivirus includes multiple advanced features that work together to provide real-time threat detection and spoofing protection.

    With our Web Shield and File Shield at your side, you’ll be protected against the kinds of phishing emails and pharmed websites that spoofers love to create. Stay safe online with the free antivirus solution trusted by millions of people worldwide.

    Block spoofing attacks and protect your Android with Avast Mobile Security

    FREE INSTALL

    Secure your Wi-Fi network and protect your personal data with Avast Mobile Security

    FREE INSTALL