07 Dec Common Spoofing Attacks
The 5 most common spoofing attack types. Examples and prevention tips.
Spoofing is when cyber criminals disguise themselves as another person, brand, business or entity to carry out malicious acts such as distributing fake news as part of a misinformation campaign, stealing confidential and sensitive data or spreading malware. Spoofing tactics range in sophistication from the simple and less technical spoofed email addresses and website URLs to the more advanced practices of spoofing IP addresses, Domain Name Servers (DNS) and Address Resolution Protocol (ARP).
The ultimate goal is to use spoofed email addresses, websites and even phone numbers to deceive victims into providing confidential information such as credit card details, downloading attachments (malware!) and clicking links that automatically install malicious software programs. Because the email addresses, phone numbers or web domains look familiar, end users tend to trust them without suspicion. For instance, lately in Malta a spoof website with an identical look and feel was run on timesofmalta.eu instead of the original and authentic timesofmalta.com.
When carrying out spoofing attacks, cyber criminals aim to access sensitive data, spread malware, bypass access controls on a company’s networks and in some cases redistribute traffic. All these lead to reputational damage, which in turn affects the trust customers have in the brand.
5 Types of Spoofing Attacks
Hacker groups are well aware that organisations are increasingly investing in various protection measures, and have therefore diversified their hacking channels and methods to succeed in their malicious intent.
Some of the most common types of spoofing attacks follow.
Email Spoofing Attacks
Cyber criminals use fake email addresses to commit a cyber crime. These attacks are the same as phishing scams. The hacker uses a false email address to send the email and trick the recipient into opening it, clicking on links within the email or executing instructions found in the email’s message.
The receiver will think that the email is from a trusted source. Such emails, at times, have malicious attachments that once downloaded and installed will open your system to various threats and exploits. Some of the tactics used by cyber criminals include the spoofing of the email address, the sender name, the company name or in some cases all three. The email would include company logos, email signature and the used content would be related to ‘usual’ work-related tasks. Usually the sense of urgency in such emails gives them away and is a concrete way of discovering an email is spoofed or a phishing attempt.
When in doubt, always get in touch with the original sender to clarify if it was sent by him/her or not.
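A mail-side check for the sender-name tactic described above, as an added example that is not part of the original article. The brand-to-domain allowlist uses placeholder `.example` domains and the two messages are constructed samples.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allowlist: brand shown to the user -> domains it really sends from.
KNOWN_SENDERS = {"dhl": {"dhl.example"}, "lombard bank": {"lombardbank.example"}}

def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rpartition("@")[2].lower()

def sender_findings(raw_message):
    """Return reason codes for a message whose sender details do not line up."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    findings = []
    # The display name claims a known brand but the address is not one of its domains.
    for brand, domains in KNOWN_SENDERS.items():
        if brand in display.lower() and from_domain not in domains:
            findings.append("display_name_brand_mismatch")
    # Replies would go to a different domain than the one shown as sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append("reply_to_domain_differs")
    return findings

# Constructed sample messages (not real traffic).
SPOOFED = (
    'From: "DHL Express" <tracking@dhl-parcels.example>\n'
    "Reply-To: claims@mailbox.example\n"
    "Subject: Urgent: pay customs fee today\n\n"
    "Your parcel is on hold.\n"
)
GENUINE = (
    'From: "DHL Express" <noreply@dhl.example>\n'
    "Subject: Your shipment is on its way\n\n"
    "Tracking details inside.\n"
)

if __name__ == "__main__":
    print(sender_findings(SPOOFED))
    print(sender_findings(GENUINE))
```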
Website Spoofing Attacks
Another technique commonly used by cyber criminals is website (or URL) spoofing, commonly referred to as cybersquatting, whereby a website which is quasi identical to the original trusted site is used to steal credentials and other information from unsuspecting end users. This is usually done with sites that experience high online traffic. A practical example was the cloning of Facebook. Users entered login credentials and hackers stole such details and locked them out of their accounts.
Cyber criminals go to great lengths to create fake websites that look legitimate, with the same layout, colour scheme, menu structure, e-banners and tone of voice as the real site. Usually the URL will be the same with a different TLD or include a ‘-’ in the domain name. Hackers usually email victims to direct them to spoofed websites.
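The two URL patterns just described (a different TLD, or a hyphen in the domain name) can be checked automatically against a list of domains you want to protect. This is an added example, not code from the original article; it uses the timesofmalta.com case mentioned earlier, and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Authentic domain named in the article; extend with your own brands.
PROTECTED = ["timesofmalta.com"]

def registrable_parts(url_or_host):
    """Return (name, tld) from a URL or hostname, e.g. ('timesofmalta', 'eu').

    Assumption: single-label TLDs only. Multi-label suffixes such as co.uk
    need the Public Suffix List, left out here to stay self-contained.
    """
    text = url_or_host.strip().lower()
    if "://" not in text:
        text = "//" + text          # let urlsplit treat a bare host as netloc
    host = (urlsplit(text).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return host, ""
    return labels[-2], labels[-1]

def lookalike_findings(url_or_host, protected=PROTECTED):
    """Return [(protected_domain, reason)] for the patterns in the text."""
    name, tld = registrable_parts(url_or_host)
    findings = []
    for legit in protected:
        l_name, l_tld = registrable_parts(legit)
        if (name, tld) == (l_name, l_tld):
            return []               # exact match: the authentic domain
        if name == l_name:
            findings.append((legit, "tld_swap"))
        elif name.replace("-", "") == l_name.replace("-", ""):
            findings.append((legit, "hyphen_variant"))
    return findings

# Constructed sample links, as they might appear in a reported email.
SAMPLE_LINKS = [
    "https://timesofmalta.com/articles",
    "https://www.timesofmalta.eu/login",
    "http://times-of-malta.com/",
    "https://example.org/",
]

def triage(links=SAMPLE_LINKS):
    """Map each flagged link to its findings; clean links are omitted."""
    return {l: f for l in links if (f := lookalike_findings(l))}

if __name__ == "__main__":
    for link, found in triage().items():
        print(link, found)
```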
SMS Spoofing Attacks
Similar to email spoofing, text messaging spoofing utilises a spoofed phone number to send malicious text messages. Cyber criminals carry out research and testing to understand what type of messages recipients are likely to receive and respond to or act on. These criminal gangs hide behind the phone number or sender name. A practical example saw scammers hiding behind household names such as DHL and Lombard Bank.
The text messages, sent as SMSes or even through popular messaging apps such as WhatsApp, use social engineering tactics to convince receivers to respond urgently, such as to pay a fine or log in to track a parcel being shipped home.
IP Spoofing Attacks
As with all spoof attacks, cyber criminals hide their true identity to carry out their malicious attacks. In this case, the true identity together with the location of the device (PC or Smartphone) used by the attacker are hidden. When a network uses IP address authentication, a spoofed IP address will make it easy for them to gain access through the network.
Generally IP spoofing is used to commit DDoS attacks. Other uses include the hiding of hackers’ location from recipients when email and website spoofing is done.
Caller ID Spoofing Attacks
When a call comes from a familiar number, the chances are that the recipient will answer and comply with any instructions they receive such as the sharing of credit card details. Attackers spoof caller IDs to make their outbound calls appear familiar – for example the use of local numbers creates less suspicion when compared to calls coming from numbers from other continents.
Cyber criminals use social engineering tactics to get people (victims!) to act as per their instructions. Usually they pose as bankers, government officials or even police officers.
Preventing Spoofing attacks
A well configured spam filter should stop the vast majority of spoofed emails from landing inside your inbox. Spoofing detection software, similarly, identifies and impedes ARP and IP spoofing attacks. Use the HTTPS protocol to encrypt your data-in-transit. Packet analysis and filtering helps identify and subsequently block traffic with incorrect source address information.
Emails that come from an unfamiliar source, use an unusual writing style, have various spelling and grammatical mistakes, or are too good to be true should raise red flags. When in doubt, always aim at confirming the email’s veracity in person. Cyber awareness training helps educate workforces to detect spoofing attacks, thus protecting themselves and ultimately the organisation.
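The source-address filtering mentioned above, as an added example that is not part of the original article: it decides whether a packet's source address is plausible for the interface it arrived on. The interface names, the internal prefix 10.20.0.0/16 and the sample packets are assumptions made for illustration (198.51.100.0/24 stands in for ordinary Internet addresses), and only IPv4 is covered.

```python
import ipaddress

# Assumed layout (hypothetical): "lan" faces our own hosts, "wan" the Internet.
INTERNAL = [ipaddress.ip_network("10.20.0.0/16")]

# IPv4 ranges that can never be a legitimate source on the Internet side.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

def source_verdict(iface, src):
    """Decide whether a source address is plausible for the arrival interface."""
    addr = ipaddress.ip_address(src)
    is_internal = any(addr in net for net in INTERNAL)
    if iface == "wan":
        if is_internal:
            return "drop_internal_src_on_wan"  # our prefix cannot arrive from outside
        if any(addr in net for net in BOGONS):
            return "drop_bogon_src"
        return "accept"
    if iface == "lan":
        # Outbound side: only our own prefix may leave the network.
        return "accept" if is_internal else "drop_foreign_src_on_lan"
    raise ValueError(f"unknown interface: {iface}")

# Constructed packet summaries: (arrival interface, source, destination).
SAMPLE_PACKETS = [
    ("wan", "198.51.100.25", "10.20.1.4"),
    ("wan", "10.20.5.9", "10.20.1.4"),
    ("wan", "127.0.0.1", "10.20.1.4"),
    ("lan", "10.20.1.4", "198.51.100.25"),
    ("lan", "198.51.100.25", "198.51.100.80"),
]

def dropped(packets=SAMPLE_PACKETS):
    """Return (iface, src, verdict) for every packet that fails the check."""
    out = []
    for iface, src, _dst in packets:
        verdict = source_verdict(iface, src)
        if verdict != "accept":
            out.append((iface, src, verdict))
    return out

if __name__ == "__main__":
    for row in dropped():
        print(row)
```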
Two real-life examples of spoofing attacks in the past few years which made headlines included:
- Facebook and Google were defrauded of more than $100 million between 2013 and 2015 through a fake invoice scam;
- Crelan bank of Belgium was duped into sending cyber attackers 70 million euro.
Consequences of spoofing attacks include the loss of sensitive information, which hackers usually use to demand ransom and cause downtime. It is vital for businesses to take all the necessary precautions against spoofing attempts.
Cyber awareness training for all your employees is a recommended starting point.