What is Spoofing Attack? | Type of Spoofing — Explain Exploitbyte

Exploitbytes
8 min read · Mar 26, 2020


Spoofing is a malicious practice employed by cyber scammers and hackers to deceive systems, individuals, and organizations into perceiving something to be what it is not. Communication is initiated by the spoofer to the victim or system from an unknown source but disguised to present itself as an authentic and safe sender. If you have ever received an email from a seemingly familiar source asking you to update your profile details because some funny system upgrade was necessary, then you have experienced spoofing.

Spoofing is the act of disguising a communication or identity so that it appears to be associated with a trusted, authorized source. Spoofing attacks can take many forms, from the common email spoofing attacks that are deployed in phishing campaigns to caller ID spoofing attacks that are often used to commit fraud. Attackers may also target more technical elements of an organization’s network, such as an IP address, domain name system (DNS) server, or Address Resolution Protocol (ARP) service, as part of a spoofing attack.

Types of Spoofing

Caller ID Spoofing Attack

Spoofing attacks can also arrive as phone calls. In a caller ID spoofing attack, a scammer makes it appear as if their call is coming from a number the victim knows and trusts or, alternatively, a number that is associated with a specific geographic location. A caller ID spoofer may even use a number that has the same area code and the first few digits as the victim’s phone number, hoping that they will answer the call upon noticing a familiar number. This practice is known as neighbor spoofing.

If a victim of caller ID spoofing answers the call, the scammer on the other end of the line may impersonate a loan officer or other representative of an official-seeming institution. The fake representative will then often try to persuade the victim to give up sensitive information that can be used to commit fraud or perpetrate other attacks.

DNS Server Spoofing Attack

In much the same way ARP resolves IP addresses to MAC addresses on a LAN, the Domain Name System (DNS) resolves domain names to IP addresses. When conducting a DNS spoofing attack, an attacker attempts to introduce corrupt DNS cache information to a host in order to impersonate that host’s domain name, for example www.onlinebanking.com. Once that domain name has been successfully spoofed, the attacker can then use it to deceive a victim or gain unauthorized access to another host.

DNS spoofing can be used for a MITM attack in which a victim inadvertently sends sensitive information to a malicious host, thinking they are sending that information to a trusted source. Or, the victim may be redirected to a site that contains malware. An attacker who has already successfully spoofed an IP address could have a much easier time spoofing DNS simply by resolving the IP address of a DNS server to the attacker’s own IP address.

ARP Spoofing Attack

Address Resolution Protocol (ARP) resolves an IP address to its physical Media Access Control (MAC) address for the purpose of transmitting data across a Local Area Network (LAN). In an ARP spoofing attack, a malicious actor sends spoofed ARP messages across a local area network for the purposes of linking their own MAC address with a legitimate IP address. That way, the attacker can steal or modify data that was meant for the owner of that IP address.

An attacker wishing to pose as a legitimate host could also respond to requests they should not be able to respond to using their own MAC address. With some precisely placed packets, an attacker can sniff the private traffic between two hosts. Valuable information can be extracted from the traffic, such as exchange of session tokens, yielding full access to application accounts that the attacker should not be able to access. ARP spoofing is sometimes employed in MITM attacks, DoS attacks, and session hijacking.
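From the defender's side, the change described above shows up in a host's neighbour table as an IP address that suddenly maps to a different MAC address, or as one MAC address answering for several IP addresses. The following is an added example, not part of the original article: it compares two snapshots in the format printed by Linux `ip neigh show`; the addresses and both snapshots are constructed for illustration.

```python
import re
from collections import defaultdict

# One resolved IPv4 entry as printed by Linux `ip neigh show`.
NEIGH_RE = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+) dev \S+ lladdr ([0-9a-f]{2}(?::[0-9a-f]{2}){5}) \S+$")

# Constructed snapshots: in AFTER the gateway 192.168.1.1 has moved to the
# MAC address that already belongs to host 192.168.1.30.
BEFORE = """
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev eth0 lladdr 66:77:88:99:aa:bb STALE
192.168.1.30 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE
"""
AFTER = """
192.168.1.1 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.1.20 dev eth0 lladdr 66:77:88:99:aa:bb STALE
192.168.1.30 dev eth0 lladdr DE:AD:BE:EF:00:01 REACHABLE
192.168.1.40 dev eth0  FAILED
"""

def parse_neigh(text):
    """Return {ip: mac}; unresolved entries (no lladdr) are skipped."""
    table = {}
    for line in text.strip().splitlines():
        m = NEIGH_RE.match(line.strip().lower())
        if m:
            table[m.group(1)] = m.group(2)
    return table

def find_arp_anomalies(before, after):
    """Compare two {ip: mac} snapshots and list signs of ARP cache poisoning."""
    alerts = []
    # An IP address whose MAC changed since the previous snapshot.
    for ip, mac in sorted(after.items()):
        old = before.get(ip)
        if old and old != mac:
            alerts.append(("mac_changed", ip, old, mac))
    # One MAC address currently claimed by more than one IP address.
    owners = defaultdict(list)
    for ip, mac in after.items():
        owners[mac].append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:
            alerts.append(("mac_shared", mac, tuple(sorted(ips))))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(parse_neigh(BEFORE), parse_neigh(AFTER)):
        print(alert)
```

Both signals also occur legitimately (a replaced network card, a reassigned DHCP lease, a router with several addresses), so an alert is a prompt to check the gateway's real MAC address rather than proof of an attack.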

IP Address Spoofing

In an IP spoofing attack, an attacker will send IP packets from a spoofed IP address to hide their true identity. Attackers most often use IP address spoofing attacks in DoS attacks that overwhelm their target with network traffic. In such an attack, a malicious actor will use a spoofed IP address to send packets to multiple network recipients. The owner of the real IP address is then flooded with all of the responses, potentially experiencing a disruption in network service. An attacker may also spoof a computer or device’s IP address in an attempt to gain access to a network that authenticates users or devices based on their IP address.

Website Spoofing

Website spoofing is all about making a malicious website look like a legitimate one. The spoofed site will look like the login page for a website you frequent, down to the branding, user interface, and even a spoofed domain name that looks the same at first glance. Cybercriminals use spoofed websites to capture your username and password (aka login spoofing) or drop malware onto your computer (a drive-by download). A spoofed website will generally be used in conjunction with an email spoof, in which the email will link to the website.

It’s also worth noting that a spoofed website isn’t the same as a hacked website. In the case of a website hacking, the real website has been compromised and taken over by cybercriminals, with no spoofing or faking involved. Likewise, malvertising is its own brand of malware. In this case, cybercriminals have taken advantage of legitimate advertising channels to display malicious ads on trusted websites. These ads secretly load malware onto the victim’s computer.

Man-In-The-Middle Attack

You like that free Wi-Fi at your local coffee shop? Have you considered what would happen if a cybercriminal hacked the Wi-Fi or created another fraudulent Wi-Fi network in the same location? In either case, you have a perfect setup for a man-in-the-middle attack, so named because cybercriminals are able to intercept web traffic between two parties. The spoof comes into play when the criminals alter the communication between the parties to reroute funds or solicit sensitive personal information like credit card numbers or logins.

Side note: While MitM attacks usually intercept data in the Wi-Fi network, another form of MitM attack intercepts the data in the browser. This is called a man in the browser (MitB) attack.

How Spoofing Attack Works

Okay, so we’ve explored the various forms of spoofing and glossed over the mechanics of each. In the case of email spoofing, however, there’s a bit more worth going over. There are a few ways cybercriminals are able to hide their true identity in an email spoof. The most foolproof option is to hack an unsecure mail server. In this case the email is, from a technical standpoint, coming from the purported sender.

The low-tech option is to simply put whatever address they like in the “From” field. The only problem is that if the victim replies or the email cannot be sent for some reason, the response will go to whoever is listed in the “From” field, not the attacker. This technique is commonly used by spammers to use legitimate emails to get past spam filters. If you’ve ever received responses to emails you’ve never sent, this is one possible reason why, other than your email account being hacked. This is called backscatter or collateral spam.

Another common way attackers spoof emails is by registering a domain name similar to the one they’re trying to spoof in what’s called a homograph attack or visual spoofing. For example, “rna1warebytes.com”. Note the use of the number “1” instead of the letter “l”. Also note the use of the letters “r” and “n” to fake the letter “m”. This has the added benefit of giving the attacker a domain they can use for creating a spoofed website.

How To Detect Spoofing Attack

Here are the signs you’re being spoofed. If you see these indicators, hit delete, click the back button, close out your browser, do not pass go.

Website Spoofing

  • No lock symbol or green bar. All secure, reputable websites need to have an SSL certificate, which means a third-party certification authority has verified that the web address actually belongs to the organization being verified. One thing to keep in mind, SSL certificates are now free and easy to obtain. While a site may have a padlock, that doesn’t mean it’s the real deal. Just remember, nothing is 100 percent safe on the Internet.
  • The website is not using file encryption. HTTP, or Hypertext Transfer Protocol, is as old as the Internet and it refers to the rules used when sharing files across the web. Legitimate websites will almost always use HTTPS, the encrypted version of HTTP, when transferring data back and forth. If you’re on a login page and you see “http” as opposed to “https” in your browser’s address bar, you should be suspicious.
  • Use a password manager. A password manager like 1Password will autofill your login credentials for any legitimate website you save in your password vault. However, if you navigate to a spoofed website, your password manager will not recognize the site and will not fill in the username and password fields for you, which is a good sign you’re being spoofed.

Email Spoofing

  • Double-check the sender’s address. As mentioned, scammers will register fake domains that look very similar to legitimate ones.
  • Google the contents of the email. A quick search might be able to show you if a known phishing email is making its way around the web.
  • Embedded links have unusual URLs. You can check URLs before clicking by hovering over them with your cursor.
  • Typos, bad grammar, and unusual syntax. Scammers don’t proofread their work.
  • The contents of the email are too good to be true.
  • There are attachments. Be wary of attachments, particularly when coming from an unknown sender.
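The "double-check the sender's address" item and the “rna1warebytes.com” example from the visual-spoofing paragraph can be automated. The following is an added example, not part of the original article: it extracts the domain from a message's “From” header and compares it against an allow-list after folding look-alike character sequences; the allow-list, the confusables table and the sample message are constructed assumptions, and the check goes slightly beyond the article by also flagging internationalized (IDN) domains for review.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list of domains the mailbox owner really corresponds with.
TRUSTED = {"malwarebytes.com", "example.com"}

# Sequences that read alike at a glance (assumed table, not exhaustive).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o"), ("5", "s")]

# Constructed sample message using the article's look-alike domain.
SAMPLE = (
    "From: Support <billing@rna1warebytes.com>\n"
    "Subject: Update your profile\n"
    "\n"
    "A system upgrade requires you to log in again.\n"
)

def skeleton(domain):
    """Fold look-alike sequences so visually similar domains compare equal."""
    s = domain.lower()
    for seq, repl in CONFUSABLES:
        s = s.replace(seq, repl)
    return s

def classify_sender(raw_message):
    """Return (verdict, sender_domain, imitated_domain_or_None)."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return ("no_sender", "", None)
    if domain in TRUSTED:
        # Only the string matches; the From field itself can still be forged.
        return ("trusted", domain, None)
    if not domain.isascii() or "xn--" in domain:
        return ("idn_review", domain, None)
    for good in sorted(TRUSTED):
        if skeleton(domain) == skeleton(good):
            return ("lookalike", domain, good)
    return ("unknown", domain, None)

if __name__ == "__main__":
    print(classify_sender(SAMPLE))
```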

How To Prevent Spoofing

Pick up the phone. If you’ve received a suspicious email, supposedly from someone you know, don’t be afraid to call or text the sender and confirm that they, indeed, sent the email. This advice is especially true if the sender makes an out-of-character request like, “Hey, will you please buy 100 iTunes gift cards and email me the card numbers? Thanks, Your Boss.”

Show file extensions in Windows. Windows does not show file extensions by default, but you can change that setting by clicking the “View” tab in File Explorer, then checking the box to show file extensions. While this won’t stop cybercriminals from spoofing file extensions, at least you’ll be able to see the spoofed extensions and avoid opening those malicious files.

Invest in a good cybersecurity program. In the event that you click on a bad link or attachment, don’t worry, a good cybersecurity program will be able to alert you to the threat, stop the download and prevent malware from getting a foothold on your system or network. Malwarebytes, for example, has cybersecurity products for Windows, Mac, and Chromebook. Business users, we’ve got you covered too.

Turn on your spam filter. This will stop the majority of spoofed emails from ever making it to your inbox.

Don’t click on links or open attachments in emails if the email is coming from an unknown sender. If there’s a chance the email is legitimate, contact the sender through some other channel and confirm the contents of the email.

Log in through a separate tab or window. If you get a suspicious email or text message, requesting that you log in to your account and take some kind of action, e.g., verify your information, don’t click the provided link. Instead, open another tab or window and navigate to the site directly. Alternatively, log in through the dedicated app on your phone or tablet.

If you need more information about Enumeration or any other topic, you can comment below and we will help you soon. And to learn hacking, check more.

Originally published at https://exploitbyte.com on March 26, 2020.
