Complete spoofing analysis with security protection measures in 2021
According to a trusted source, 3.1 billion spoofed emails are sent every day, and worldwide, spoofing and phishing attacks together have had an impact of $26 billion since 2016.
Spoofing attacks can be extremely dangerous and hard to detect unless you know what to look for. This article will help you understand what spoofing is, what it can look like, and what security measures you should take to protect yourself from scammers.
Table of Contents
- Spoofed websites – how I almost got tricked into believing a hacker
- What is spoofing?
- Types of spoofing
- A quick glimpse into the criminal mind: how does a spoofing attack take place?
- How do I defend myself from spoofing?
Spoofed websites – how I almost got tricked into believing a hacker
Now, I must admit, I was looking at some dubious websites on the Internet, trying to find the perfect example of fake, spoofed web applications. For a second there, I was convinced by one.
I found a spoofed website that looks good at first sight. It is a flight search engine with the “Delta Airlines” logo. After looking more closely, I saw more and more errors and mistakes made by the hackers. Let me tell you, in this article, how I did it and also what you should be looking for.
What is spoofing?
Spoofing is the action of pretending to be someone or something else to gain information or money from your target in a fraudulent way. Hackers use this technique to lure their victims into trusting them by behaving like a person they know or a legitimate company/institution.
Social engineering is a key element of spoofing. The attacker may trick you into trusting them fully by masking themselves as a person you know, a government institution, a bank, or a big company.
Spoofing is usually paired with phishing, but they are two different terms. Spoofing is the act of disguising yourself to appear as someone else, while phishing represents tricking someone into clicking, downloading, or sending something to the hacker.
Types of spoofing
There are several types of spoofing:
- Email spoofing, which is the most used technique
- Website and/or URL spoofing
- Text message spoofing
- IP spoofing
- DNS spoofing etc.
Email spoofing can be masked as a request to provide sensitive information such as credit card details, account credentials, or even a direct payment to the sender.
In other cases, email spoofing can contain a link to downloadable malware. The target can be tricked into clicking a link that advertises a promotion, for example, but which actually downloads a virus or some other type of malware on their device.
Below you can see a spoofed email received by someone I know. The spoofed email came after placing an order on Amazon, so it has high credibility if you don’t know what to look for.
If you look at the sender, it has a very long and weird email address. The body of the email is also very short and prompts you to download a file.
Website or URL spoofing creates the illusion that a malicious website is legitimate, either by reproducing an interface very similar to a legitimate one or by using a URL that resembles the original one, in the hope that the target will not notice the difference or will accidentally type the fake URL.
For example, if you are used to the appearance of your bank’s website, the attackers may deliver you a website very similar to that one and trick you into inputting your credentials.
This is a very dangerous type of attack because you may have no idea that you just gave some hackers your account details.
One thing to take into account regarding this type of attack is that a website may have a very similar URL to a legitimate one, so a small typo going unnoticed may lure you into the wrong side of the Internet.
I will now show you an example of a spoofed website.
Below you can see a screenshot taken from the legitimate Delta Airlines website.
This is the real website, which is safe to use.
Next, we’re going to see two fake websites. Please understand that these websites are a scam and should not be used in any way.
Notice the clean URL, the SSL certificate next to the URL, the logo of Delta Airlines, and a somewhat nice interface of the spoofed websites?
They are the perfect trap for a customer who is in a hurry to get the best flight deals. Just fill in some details and you have given some hackers your personal data.
How can you tell the websites are fake though?
Firstly, you're searching for flights, but they're asking for your name, email, and phone number? No flight search engine does that.
Of course, for hackers this will be exactly the information they need to lure you into the perfect scam: in maybe just a few hours, you receive an offer on your email for, you guessed it, the flight you were looking for! And it's personalized, too, because you just gave them your name and your city.
If we go to the bottom of one of the websites, we find the "address" of Delta Airlines. However, if we do a quick search on Google, we see that it's a totally different one, and Delta Airlines is not based in New Jersey but in Atlanta, Georgia.
Also, let's not forget "Delta State" is not a state in the US. This is a fictional address.
Maybe a faster method to tell that the websites are fake is by looking at their complexity. In the previous photos, you can see that the hackers didn't spend that much time on their scam; the websites only have three pages: "Home", "About us", and "Contact us".
A company the size of Delta Airlines would put much more work into its website.
Text message spoofing means sending text messages under a different phone number. Some companies use shorter phone numbers to protect their privacy; hackers may do the same and lure their victims into clicking malicious links this way.
Let’s take an example: which text message sender would more readily give you a sense of security? A foreign, long, and weird phone number, or a four-digit, short and sleek one?
IP spoofing is a method that is very hard to detect, especially for the normal internet user, and is usually used to bypass firewalls, access lists, and other protection methods.
In IP spoofing, a hacker will change the source IP address of a packet to make it look like it’s coming from a trusted source. In this way, access lists created to only accept certain IPs can be bypassed.
DNS spoofing goes hand-in-hand with website spoofing, but it tricks your computer, rather than you, into accessing the fake website. DNS spoofing, or DNS cache poisoning, refers to changing the IP address of a certain website in your DNS lists, which makes your computer redirect you to the malicious website instead of the legitimate one.
This, as well as IP spoofing, does not involve any social engineering.
A quick glimpse into the criminal mind: how does a spoofing attack take place?
To better understand what spoofing is, let's take an email spoofing attack as an example and look at the steps the hackers would follow to carry it out successfully.
- Firstly, either a generic or a targeted email will be written. The email will either ask for credentials, request a payment, or provide a link to download malware.
Messages like “Your bank account was leaked” or “You have won a big sum of money” can manipulate inexperienced users into acting fast.
- Then, an email address will be created to make it appear as legitimate as possible. For example, if your bank uses the email [email protected], the email the attackers will use may be [email protected].
- The next step will be to identify the target or targets. Depending on the type of attack, it can be personalized by containing your name, or it can be neutral.
- If the hacker succeeds, they will collect the stolen money or data and never respond to the sent email.
How do I defend myself from spoofing?
- Make sure that the website you’re on is safe, especially if personal information is involved. It should have an SSL certificate, use HTTPS and have a little green lock next to the URL.
- Verify that the emails you’re getting have a valid sender; usually, legitimate institutions will not send you emails from Yahoo, Gmail, or other public email domains but rather from their own.
- Do not provide any account details if asked; a bank will always have your data and will not ask for that in a text message or an email.
- Pay attention to grammar; if an email seems odd and contains grammatical errors, it most likely is sent by an attacker.
- Don’t click on links that seem to be sent by someone you know; double-check over the phone before downloading or clicking anything.
- Hover over the hyperlinks to make sure they are legitimate before clicking on them.
- Install an antivirus. Two widely used antivirus products are Avast and Malwarebytes.
- Make sure you only use strong passwords, keep them safe, change them regularly, and don’t reuse them; that way, if an attacker manages to obtain your credentials, the impact of the attack is minimized.
- Don’t use links provided in emails for login; instead, go to the website yourself and log in that way.
- Google has a tool where you can check if a URL is safe or not without visiting it. Just type in the URL. However, you must not trust a website just because Google says it is safe – it might not have been discovered and added to Google’s database yet.
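The sender and link checks from the list above, together with the near-miss URL problem described under website spoofing, can be automated. The following is an added example, not part of the original article: it labels the From domain and every link target of a message against an allow-list. The domain `mybank.example`, the webmail list and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"mybank.example"}  # assumed allow-list (hypothetical domain)
PUBLIC_WEBMAIL = {"gmail.com", "yahoo.com"}  # free mail providers

def edit_distance(a, b):  # Levenshtein distance, one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):  # -> "trusted", "webmail", "lookalike" or "unknown"
    host = host.lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    if host in PUBLIC_WEBMAIL:
        return "webmail"
    base = ".".join(host.split(".")[-2:])  # rough registrable domain
    for t in TRUSTED:
        # Near-miss spelling, or the brand label buried in another domain.
        if edit_distance(base, t) <= 2 or t.split(".")[0] in host:
            return "lookalike"
    return "unknown"

class LinkHosts(HTMLParser):  # records where each <a href> really points
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append(urlsplit(href).hostname or "")

def review(raw_email):  # expects a single-part (non-multipart) message
    msg = message_from_string(raw_email)
    parser = LinkHosts()
    parser.hosts = []
    parser.feed(msg.get_payload())
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    return {"sender": classify(sender), "links": {h: classify(h) for h in parser.hosts}}

SAMPLE = (  # constructed message, not a real email
    'From: "My Bank Support" <support@mybnak.example>\n'
    'Subject: Your bank account was leaked\n\n'
    '<a href="https://mybank.example.secure-login.test/reset">mybank.example</a>\n'
)
print(review(SAMPLE))  # sender and link target are both "lookalike"
```

A "trusted" result only means the domain name is spelled correctly; whether the message really came from that domain is what the receiving server's SPF, DKIM and DMARC results show. The edit-distance threshold of 2 is an assumption and will produce false positives for very short domain names.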
In the following infographic, you can see a few of the spoofing types as well as some measures of protection.
Hackers find more and more ways to trick you into clicking their links, downloading their malware, or giving them your money. You should be very careful on the Internet and trust no one.
Spoofing is a very dangerous attack because it may seem that it is coming from someone you trust or a legitimate institution, even from the government. The first reaction would be to trust such an email, text message, or website.
However, you should always be vigilant on the Internet and trust no one.
Were you ever the target of a spoofing attack? If so, please tell us in the comments how it was and what measures you take to protect yourself from such offensive cybersecurity actions.