Cybercriminals leverage various tactics to conduct their scams, and one of the most common ones they deploy is spoofing.
Spoofing is a major element in phishing attacks, which can be harmful for anyone who falls victim to one of these scams.
Luckily, spoofing can be spotted rather easily; you just have to know what to look for. This guide will explain what spoofing is, the different types of spoofing that exist, and the warning signs that will let you know that something has been spoofed.
What is Spoofing?
Spoofing is when bad actors masquerade as a legitimate entity to earn a person's trust. This deception is done subtly. A person may receive an email or a phone call from someone claiming to be a trusted source.
Their goal is to eventually get their target to turn over valuable assets.
The message may appear to be legitimate on its surface, but there are clues that will tell you that something is amiss, as we will cover shortly.
What Are the Different Types of Spoofing?
Spoofing is done in many different ways. Here are some of the more prominent examples of spoofing:
- Email Spoofing: One of the most common forms of spoofing, email spoofing is when bad actors send emails designed to trick users into believing they came from a known person or entity. The emails may be designed with headers and graphics that make them appear to be legitimate. As an example, a bad actor may pose as a high-ranking executive. They may send an email to an employee asking them to complete an urgent wire transfer. If the email is crafted properly, it will look as though it came from the executive themselves. What the employee doesn't know is that the wire transfer is going right to the bad actor.
- Website Spoofing: Cybercriminals may create an exact replica of trusted websites. These sites may have the exact color scheme, logos, fonts and functionality of the sites they are impersonating. Spoofed websites are often created to serve as phishing sites. The site will ask visitors to hand over valuable information or login credentials, possibly under the guise of remedying a problem with an account, or for a nonexistent incentive.
- URL Spoofing: Often going hand-in-hand with spoofed websites, URL spoofing is when bad actors create a fake URL that will send someone to a malicious website. These URLs will look similar to the one belonging to the legitimate website, but there may be a slight difference in spelling, or it may end with a different domain. For example, a fake Nike website may be Nikee.com instead of Nike.com. Or, it could be Amazon.net instead of Amazon.com.
- Caller ID Spoofing: In this variation of spoofing, bad actors will deliberately falsify information that is transmitted to your caller ID to disguise their identity. Bad actors are able to do this via Voice over Internet Protocol (VoIP), which allows them to create a phone number and caller ID of their choosing. A common hallmark of these scams is a bad actor choosing the same area code as their target. This way, the person receiving the call is more likely to believe it is legitimate. Again, the goal is to have the target answer the phone, and present them with a situation where they are compelled to turn over valuable information.
- Text Message Spoofing: Similar to Caller ID spoofing, bad actors may use a fake phone number to send text messages to a target. These texts will often include links that will direct targets to a phishing page. Text message spoofing is a hallmark of "smishing" attacks.
- DNS Spoofing: Otherwise known as DNS cache poisoning, DNS spoofing is when altered DNS records are used to redirect online traffic to a malicious website, which very well may include elements of URL spoofing and website spoofing.
- IP Spoofing: This form of spoofing occurs when a bad actor, while trying to gain unauthorized access to a system, sends messages with a spoofed IP address to make it appear as though they are coming from a legitimate source. They are able to do so by taking a legitimate host's IP address and altering the packet headers sent from their own system to appear to come from the original, trusted computer. IP spoofing can potentially lead to Distributed Denial of Service (DDoS) attacks.
Tips to Spot and Protect Yourself From Spoofing
Here are some of the red flags that will tell you that you are facing a spoofing attack, as well as what you can do to protect yourself and your valuable assets.
It is important to remember that no legitimate organization will ever ask you for personal details to remedy a problem or fulfill a request.
- Check the Email Sender: When you receive an email, particularly one that is asking you to fulfill a request, check to see who sent the email. Make sure the email address you see matches the one you have on file. Keep an eye out for any misspellings in the email address, and check whether it has a different domain name than the one that your company uses.
- Verify Any Requests: Especially in a business setting, verify any requests you may receive. Choose a method that is different than the manner in which you received the original request. For example, if a request came in via email, contact the person over the phone using a number that is on file, or visit the requestor in person.
- Pay Attention to the Website URL: Check the website URL whenever you visit a webpage. This is highly recommended if you are going to enter in sensitive information. Look to see whether the website URL is spelled correctly and that the domain ending is correct. Additionally, only visit websites that have HTTPS at the beginning of the URL. These websites are protected by encryption. A spoofed website is likely to only have HTTP at the beginning of the URL.
- Be On the Lookout For Bad Grammar: Be sure to carefully read any suspicious messages you may receive. Many spoofed elements are often written poorly and contain grammatical and spelling mistakes.
- Never Download Attachments or Click Links From Unknown Senders: If you do not recognize a sender, do not click any links or download any attachments from the message. They are likely malicious in nature, and could lead to phishing attacks or malware downloads.
- Do Not Answer Calls/Text Messages From Numbers You Don't Recognize: If you receive a phone call or a text from a sender you do not recognize, do not answer it. Let the call go to voicemail. You can always search the name of the entity that is claiming to contact you to see whether the phone number in question is legitimate.
- Leverage Spam Call Features and Third-Party Apps: To limit the number of spam calls you receive, you can see whether your phone carrier has services or an app to filter spam calls. You may also want to download third-party apps that are designed to block spam calls.
- Scan Devices for Malware: Take the time to scan your devices for malware. Malware may ultimately lead to falling victim to a DNS spoofing attack.
- Adjust Corporate Settings to Avoid IP Spoofing: For security professionals, ensure your networks are monitored for unusual activity, authenticate all IP addresses and use verification methods for all remote access.
- Secure Your Accounts: Protect your accounts with strong passwords and multifactor authentication, and adjust your privacy settings to safeguard your data.
- Avoid Sharing Too Much Information Online: Refrain from sharing any information unless it is absolutely necessary. For example, if you do not need to share your phone number to create an account, leave that field blank.
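The "Check the Email Sender" and "Pay Attention to the Website URL" tips above can be automated as a mail-filter or proxy check. The following is an added example, not part of the original guide: it compares a sender address or URL against an assumed list of trusted domains and flags misspellings (Nikee.com) and swapped domain endings (Amazon.net). The trusted list, function names and sample inputs are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the organisation maintains its own list of domains it really uses.
TRUSTED = {"nike.com", "amazon.com"}

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def extract_domain(value):
    """Return the lower-cased host from a URL, or the domain of a From: address."""
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        host = parseaddr(value)[1].rpartition("@")[2]
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify(value, trusted=TRUSTED, max_typos=2):
    """Return (verdict, domain): 'trusted', 'lookalike-tld', 'lookalike-typo' or 'unknown'."""
    domain = extract_domain(value)
    if domain in trusted or any(domain.endswith("." + t) for t in trusted):
        return "trusted", domain
    # Simplification: treat the last two labels as the registered domain
    # (multi-label endings such as co.uk are not handled here).
    name, _, tld = ".".join(domain.split(".")[-2:]).rpartition(".")
    for t in sorted(trusted):
        t_name, _, t_tld = t.rpartition(".")
        if name == t_name and tld != t_tld:
            return "lookalike-tld", t        # same name, different ending
        if tld == t_tld and 0 < edit_distance(name, t_name) <= max_typos:
            return "lookalike-typo", t       # near-miss spelling
    return "unknown", domain

if __name__ == "__main__":
    # Constructed sample inputs, not taken from real traffic.
    for sample in ['"CEO" <ceo@nikee.com>', "https://www.Amazon.net/login",
                   "https://shop.nike.com/cart", "http://example.org/"]:
        print(sample, "->", classify(sample))
```

A "lookalike" verdict is a reason to verify the request through a second channel, as the tips above describe; a "trusted" verdict only confirms the domain spelling, not that the message itself is genuine.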
What to Do If I Encounter Spoofing?
If you run into any spoofed elements, you can report them to the FCC's Consumer Complaint Center. You can also report fraud to the FTC, and contact your local police department if you lost money due to spoofing.