Spoofing - cyber attack
Spoofing is a cyber attack in which a fraudster poses as a trusted source in order to gain access to important data or information. Such impersonation (a spoofing attack) can be carried out through websites, e-mail, phone calls, text messages, IP addresses and servers.
As a rule, the main objective of spoofing is to gain access to personal information, to steal money, to bypass network access control, or to distribute malware through links to infected web pages or through infected files attached to an e-mail or message. In any form of communication on the Internet, fraudsters will try to use spoofing to steal your online identity and IT assets[1].
How spoofing works
The term "spoof" has existed in English for more than a century and refers to any form of deception. Today, however, it is mostly used in connection with cyber crime. Whenever a fraudster disguises himself as someone or something else (an organization, a website, a sender and so on), that is spoofing.
Spoofing can be applied to different communication channels and can involve different levels of technical know-how. For a spoofing attack to succeed, it has to include a certain amount of social engineering. This means that the methods fraudsters use are able to deceive their victims effectively and push them into handing over personal information. Fraudsters use social engineering to play on human weaknesses such as greed, fear and naivety.
An example of this kind of social engineering is a fraudster relying on the victim's fear in an attempt to extract information or money. In the "grandchild scam", the fraudster pretends to be a family member (a grandchild) and tells the victim (the grandchild's grandmother or grandfather) that he is in trouble and urgently needs money. Fraudsters often target elderly people in such situations because of the prejudice that elderly people are less technically competent.
Types of spoofing attacks
Spoofing comes in different forms and attack types that you should watch out for. Here are several examples of different types of spoofing:
Caller ID spoofing
Caller ID allows the recipient of a phone call to determine the identity of the caller. This type of spoofing occurs when a fraudster uses false information to change the caller ID (that is, the fraudster appears to be calling from another phone, for example your friend's). Because caller ID spoofing makes it impossible to block the number, many phone fraudsters use it to hide the real phone number the call is made from and, ultimately, their identity. Sometimes fraudsters use your area code to make the call look local.
Most caller ID spoofing attacks are carried out with VoIP (Voice over Internet Protocol), which lets fraudsters create a phone number and a caller ID name of their choice. As soon as the recipient answers the call, the fraudster will try to persuade him to hand over the important information he is after.
Website spoofing
Website spoofing is a type of spoofing attack in which a fraudster tries to make a dangerous (malicious) website look like a trusted, safe one (for example, a well-known bank) by using its fonts, colors and logos. It is carried out by replicating the original trusted website in order to lure users to a specially created counterfeit phishing or malicious site. Such "copied" websites usually have an address that is almost the same as that of the original site, so at first glance they look like the real (original) websites to ordinary users. However, such "copied" websites are usually created to obtain the visitor's personal information illegally.
Email spoofing
Email spoofing is a type of spoofing attack in which a fraudster sends e-mails with forged sender addresses, intending to infect your computer with malware, extort money or steal information. The forged sender addresses are often addresses you would trust (a colleague, a friend, a relative, your bank and so on).
The forged sender address may also be one that closely resembles an address you know (with a barely noticeable difference in a letter or digit), or the fraudster may mask the "From" field and put in it exactly the e-mail address that you trust.
IP spoofing
When a fraudster wants to hide the real Internet location from which the data of users/victims is requested or to which it is sent, IP address spoofing is usually used. The purpose of IP spoofing is to make the victim's computer believe that the information sent by the fraudster comes from a trusted source, which allows malicious content to reach the user.
DNS server spoofing
Domain Name System (DNS) spoofing, also known as "cache poisoning", is used to redirect a user's traffic to counterfeit IP addresses. This method makes it possible to redirect users to malicious websites. In such an attack the fraudster replaces the IP addresses of the DNS servers configured on the victim's computer with counterfeit IP addresses that the fraudster wants to use to deceive the victim.
ARP spoofing
ARP (Address Resolution Protocol) spoofing is often used to alter or steal data and to hijack the victim's session (connection). To do this, the attacker associates himself with the victim's IP address in order to gain access to data that was originally intended for the owner of that IP address (that is, the victim).
SMS spoofing (text message spoofing)
Text message spoofing (also known as SMS spoofing) is a type of spoofing attack in which a fraudster sends a text message or SMS using another person's phone number. Fraudsters do this by hiding their identity behind an alphanumeric sender ID, and they usually include links in the messages that download malware or lead to phishing sites. We recommend that you read the tips on mobile device security if you think the data on your phone has been compromised.
GPS spoofing
A GPS spoofing attack "deceives" a GPS receiver by transmitting counterfeit signals that resemble the real ones. In other words, the fraudster pretends to be in one place while actually being in another. Fraudsters can use this technique, for example, to compromise the GPS in a car and send you to a false address, or even to interfere with the GPS signals of ships, airplanes and so on. Any mobile application that relies on the smartphone's location data can become a target for this kind of attack.
Man-in-the-middle attack (MitM)
Man-in-the-middle (MitM) attacks happen when a fraudster compromises a Wi-Fi network, or creates a duplicate counterfeit Wi-Fi network in the same location, in order to intercept web traffic between the two parties of a connection (the sender and the recipient of the traffic). With such an attack, fraudsters can redirect to themselves the confidential information the victim uses, such as logins, passwords or bank card numbers.
File extension spoofing
To disguise malware, fraudsters often use file extension spoofing. For example, they can rename a file to "filename.txt.exe", hiding the malware behind the extension. As a result, a file that looks like a text document actually starts the malware when it is opened.
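A mail gateway or download filter can catch the "filename.txt.exe" pattern described above by looking at the last two extensions of a name. The following is an added example, not part of the original article; the two extension lists are assumptions chosen for illustration.

```python
import os

# Assumption: extensions Windows will run directly, and extensions that
# users read as harmless documents (both lists constructed for this example).
EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
DECOY = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def classify(filename):
    """Return 'disguised-executable', 'executable' or 'ok' for a file name."""
    # Windows drops trailing dots and spaces, so judge the name it will use.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ").lower()
    stem, last = os.path.splitext(name)
    if last not in EXECUTABLE:
        return "ok"
    # Tolerate whitespace between the document-style part and the real extension.
    _, previous = os.path.splitext(stem.rstrip())
    return "disguised-executable" if previous in DECOY else "executable"


def flag_attachments(names):
    """Names that pose as a document while ending in an executable extension."""
    return [n for n in names if classify(n) == "disguised-executable"]


# Constructed sample attachment names.
SAMPLE_NAMES = [
    "filename.txt.exe",       # the article's example
    "notes.TXT.Scr",          # same pattern, mixed case
    "setup.exe",              # executable, but not pretending to be a document
    "archive.tar.gz",         # two extensions, neither executable
    "report.v2.txt",          # dots in the name, plain text at the end
]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        print(f"{n:20} {classify(n)}")
```

On Windows the check matters most when Explorer is set to hide known file extensions, because only "filename.txt" is then displayed.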
How to tell whether spoofing is being used against you
If you suspect that you are being deceived, pay attention to the following indicators of the most common types of spoofing:
Email spoofing
- Pay attention to the sender's address: if you are not sure whether an e-mail you received is legitimate, check the address twice. Fraudsters often create similar-looking addresses. If the e-mail is suspicious but shows the sender's exact e-mail address, contact the sender separately to confirm that the e-mail is legitimate.
- Be careful with attachments: be careful with attachments in e-mail from an unknown sender, or even from a known sender if their contents look suspicious. If in doubt, do not open such attachments, as they may contain viruses and other malware.
- Pay attention to bad grammar: if the e-mail contains unusual grammatical errors and typos, it may be malicious.
- Do a little research: find the sender's contact information on the Internet and contact them directly to find out whether the e-mail is real. In addition, look up the contents of the e-mail in a search engine (for example, Google) if it seems suspicious. As a rule, if the content of the e-mail looks too tempting to be true, this can indicate that the e-mail is fraudulent.
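The "check the address twice" step, and the two forgery styles described in the email spoofing section earlier (a near-identical address, and a trusted address placed in the visible "From" name), can be automated for a mailbox. This is an added example, not part of the original article; the trusted-domain list, the look-alike character map and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this recipient really corresponds with (constructed).
TRUSTED_DOMAINS = {"example-bank.com", "example.org"}
# Digits often swapped for similar-looking letters in a forged domain.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain):
    """Fold look-alike characters so 'examp1e' and 'example' compare equal."""
    return domain.lower().translate(CONFUSABLE).replace("rn", "m")


def edit_distance(a, b):
    """Levenshtein distance, to catch one added, dropped or changed character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(raw_message):
    """Return a list of findings for the From header of one raw message."""
    display, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if skeleton(domain) == skeleton(trusted) or edit_distance(domain, trusted) <= 1:
                findings.append(("lookalike-domain", domain, trusted))
    # A display name that itself shows an address hides the real one in many clients.
    shown = re.search(r"[\w.+-]+@[\w.-]+", display)
    if shown and shown.group().lower() != addr:
        findings.append(("display-name-mismatch", shown.group().lower(), addr))
    return findings


# Constructed sample messages; only the From header matters here.
SAMPLES = [
    'From: "Example Bank" <alerts@examp1e-bank.com>\nSubject: Verify\n\nbody',
    'From: "support@example-bank.com" <billing@mail.example.net>\nSubject: Invoice\n\nbody',
    'From: "Example Bank" <alerts@example-bank.com>\nSubject: Statement\n\nbody',
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_sender(raw))
```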
Website spoofing
- Check the address bar in your browser: a counterfeit website will most likely not be protected. To check this, look in the address bar for the letter "s" at the end of the protocol name, https://. The letter "s" stands for "secure", meaning that the website is encrypted and protected from cyber criminals. If the protocol name in the website's address does not end with the letter "s", this does not automatically mean that you are on a counterfeit website, but we still recommend that you check for additional signs.
- Try a password manager: software that automatically fills in login credentials does not work on counterfeit websites. If the software does not autofill the password and user name fields, this behavior of the password manager can be a sign that the website is fake.
- No padlock symbol: legitimate websites have a padlock symbol or a green bar to the left of the website's URL, indicating that the website is secure.
Caller ID spoofing
- You receive calls from unknown numbers: persistent calls from an unknown number are usually a sign of spoofing. In this case, do not answer such calls, or hang up at once.
- You receive strange replies: if you receive replies to calls or messages that you never made, this can be a sign that your number has been spoofed. For example, you may receive text messages from people asking who you are, why you called them, why you are bothering them and so on.
- The caller ID shows an emergency service number (for example, "911"): sometimes the number of an emergency service (for example, "911") is shown instead of the caller's actual phone number.
How to protect yourself from spoofing attacks
There are a number of recommendations you should follow to protect yourself from spoofing attacks. Stay one step ahead of fraudsters with our useful tips on what to do and what not to do:
What to do
- Turn on the spam filter: it will keep most counterfeit e-mails out of your mailbox.
- Study the message: if a potential spoofing attack shows signs of bad grammar or unusual sentence structure, this can indicate that the message is not legitimate. In addition, do not forget to double-check the URL of the website or the sender's e-mail address.
- Confirm the information: if an e-mail or a call seems suspicious, send a message to the sender or call them separately to check whether the information you received is legitimate. If the e-mail or call claims to come from an organization, try to find its website or phone number on the Internet and check the information on the website or with their call center.
- Hover the mouse pointer over a link before clicking: if the URL looks suspicious, hover the mouse cursor over the link to see exactly where it will take you before you click it.
- Set up multi-factor authentication: it is a great way to add one more layer of protection to your access credentials. However, it is not 100% protection, so make sure that you also use other precautions.
- Use antivirus software: installing information security software is the best protection when it comes to defending against fraudsters on the Internet. If you have run into problems, download a malware removal program or antivirus software to protect your computer from any malicious threats or viruses.
What not to do
- Do not click on unfamiliar links: if a link looks suspicious, refrain from clicking it. If it came from a potential attacker, it can lead to the download of malware or other viruses that can infect your computer.
- Do not respond to e-mails or calls from unknown senders: if you do not recognize the sender, do not answer the call or the e-mail. This can help prevent any communication with a potential fraudster.
- Do not disclose personal information: avoid disclosing your personal and confidential information (for example, bank card number, social insurance number, logins and passwords and so on) unless you are sure that you are communicating with a trusted source.
- Do not use the same password: create different, strong passwords for all your accounts that will be harder for fraudsters to guess. Change them often in case a fraudster gains control of one of them. In addition, avoid using the same password for most of your accounts.