In cybersecurity slang, “spoofing” refers to a strategy in which a fraudster assumes somebody else’s identity or credentials (personal or institutional) to earn a victim’s trust. The aim is to abuse that trust to meet the fraudster’s objective (access to a system, sensitive data, money, or installing malware).
What is spoofing?
Spoofing is an umbrella term rather than a specific type of attack or malware. It involves a cybercriminal attempting to pass as somebody else, such as a person or an organization that the victim would trust. The point is that, as the hacker earns that trust, he will use it to make the victim perform a series of unusual actions to help the hacker achieve a goal. So, whenever a digital criminal tries to pretend he’s somebody else, he’s spoofing.
Spoofing can happen through any communication channel available to both the victim and the scammer. It comes in many flavors, depending on the technological sophistication involved in each attempt.
Spoofing is an excellent example of “social engineering” in which the success of a criminal activity relies as much upon the ability of the criminal to psychologically manipulate the victim as on their degree of technical prowess. Kevin Mitnick is the most famous hacker whose exploits relied heavily on social engineering to succeed. These techniques play on the weakness of the human user as the most vulnerable link in the security chain because of fear, greed, or ignorance.
How does spoofing work?
Spoofing typically has two ingredients. First, there is the spoofed object, properly speaking. It can be a fake website, email, or something else (more on that later). Second is the element of interaction and social engineering in which the criminal tries to persuade the victim to perform a specific action.
So consider this scenario: an email arrives in the victim’s inbox. It seems legitimate and supposedly comes from a trusted senior officer in his company. The email asks the victim to transfer some money and explains why this transfer is needed. The spoofer is also ready to apply extra persuasion if the victim doesn’t comply immediately, always keeping up his act and avoiding raising any suspicions.
On the surface, spoofing looks like a silly type of attack because it needs the victim’s collaboration to work. However, this technique works, and it can be very harmful. A good spoof will grant the hacker network access and the chance to install malware or obtain valuable information he can use in further attacks. Spoofing attacks on corporations can even lead to a ransomware attack, which can be very costly.
Notably, spoofing is different from the location spoofing/tweaking that many users carry out today for different purposes. For example, people do Pokemon Go spoofing to change their area in the game for extra fun.
Coming back to the bad spoofing, there are as many types of spoofing attacks as there are communication methods. The most common and direct involve phone calls, websites, and emails. The most complex ones involve IP addresses, DNS (Domain Name System) servers, and the ARP protocol. Let’s explore each kind.
Types of spoofing
1. Email spoofing
Email is one of the most frequent means of spoofing attacks. In this attack, the sender includes forged email headers so the recipient will take them at face value. A close examination of the email would reveal inconsistencies that give the game away, but recipients often assume that the message is legitimate. For example, if they recognize a name they know as the sender, they will probably trust it without paying attention to the rest of the information.
This type of spoofing usually requests money transfers or the credentials to enter a system. As an additional “perk,” the spoofed email sometimes includes an attachment that installs malware as soon as the recipient opens it. The optimal scenario for the hacker is to use a given recipient to infect a whole network.
The social engineering element is crucial for email spoofing because it’s about persuading human beings to do something they’re not supposed to do.
2. IP spoofing
It is a spoofing attack focused on a network, not an individual user.
In IP spoofing, the objective is to access an otherwise forbidden system. The attempt consists of sending messages with false IP addresses that mimic those that could originate within that network.