What is a Spoofing Attack?

Continue reading to learn more about spoofing attacks and what you can do to protect yourself against them.

Get Protected Now

How Spoofing Attacks Work

Spoofing attacks work differently depending on the type being used by the cybercriminal. One thing all spoofing attacks have in common is they use the information they have about their victim to deceive them into looking as if a company or someone they know is contacting them.

Cybercriminals will then use various forms of communication methods and possibly create a website to make themselves look legitimate to further convince the victim to reveal sensitive information. When the victim gives up this information, they compromise their security and the cybercriminals can use the information for their own malicious benefits.

Get Protected Now

Common Types of Spoofing Attacks

Here are a few of the most common types of spoofing attacks.

Website spoofing

Website spoofing is when a cybercriminal creates a website that looks legitimate. The URL will resemble the site they're spoofing, but after closely examining the URL, you'll notice that there is something off. For example, instead of Google.com, the URL may look something like G0ogle.com.

The goal of spoofing a website is to steal sensitive information such as credit card numbers, login credentials, social security numbers and more. Depending on the spoofed site, they do this by either prompting you to enter your information manually or by infecting your device with malware.

Spoofed emails

Spoofed emails are commonly used to carry out phishing schemes. The cybercriminal will send an email that seems to be coming from someone you know or a company you have an account with. You can check the actual email address by hovering your mouse over the listed sender's name to reveal it. Upon further inspection, you'll notice the email address looks odd. For example, instead of support@[companyname].com, one character of the company name will be replaced with a different letter, symbol or number.

You may notice that the email is urging you to click on a link or attachment that can send you to a spoofed site or infect your device with malware.

Spoofed calls

When we receive a phone call, our phones display a caller ID – revealing who's calling us. Typically, when our phones display that the call is a “Spam Risk” we tend to not answer because it's likely the call is a scammer or telemarketer. However, cybercriminals have caught on to this and have started to spoof caller IDs.

When a caller ID is spoofed, it'll display itself as a phone number or name you're familiar with such as the name of the bank you use or a number using your same area code. By spoofing the caller ID, the cybercriminal easily gets you to pick up the phone and continues to pretend to be someone they're not. This can be dangerous because if you believe them, you may be tempted to share sensitive information they ask for – especially if it seems urgent.

IP spoofing

Internet Protocol (IP) spoofing is used by cybercriminals to hide the real source of IP packets so it's difficult to know where an attack came from. With the use of IP spoofing, the IP address is different from the actual source. This type of spoofing is commonly used to carry out DDoS and man-in-the middle (MITM) attacks – preventing the cybercriminals from getting caught by authorities and enabling them to bypass IP address blacklists. IP blacklisting is meant to filter out malicious IP addresses from accessing networks and is often used by organizations to prevent cyber attacks.

How to Detect Spoofing Attacks

Spoofing can be hard to spot if you don't pay close attention. Here are a few warning signs to look out for.

Use of urgent language

Urgent language through emails, phone calls or text messages can all be indications of spoofing. You'll notice that the urgent language could be prompting you to click on a link, attachment or urging you to reveal sensitive information. These should all be red flags for you to look out for, especially if these aren't messages you were expecting to receive.

Poor spelling and grammar

When you receive emails or text messages with spelling and grammar issues, you should not trust them. Remember, legitimate companies will communicate with you in a formal manner – meaning their grammar should be correct and nothing should be spelled wrong. Oftentimes these emails or messages go through various approvals, so if something is off, it should be alarming to you.

“Weird-looking” URL

In order to check if a site is spoofed, it requires you to take a close look at the website address – otherwise known as the URL. When a site is spoofed, the URL will look odd because one or more characters will be off. An example of a spoofed URL would be Amazonn.com instead of Amazon.com. If you notice this, it's a sign that the site you're on is spoofed.

How to Protect Against Spoofing Attacks

Spoofing can be hard to spot if you don't pay close attention. Here are a few warning signs to look out for.

Use a password manager

Password managers are tools that help you generate, manage and securely store your passwords. With a password manager, the only password you have to remember is your master password. When you download your password manager's browser extension, a feature that comes along with it is the ability to autofill login credentials. This can protect you against website spoofing since your password manager won't prompt you to autofill your login if it doesn't match the record saved in your vault.

Enable MFA/2FA on accounts

Multi-factor and two-factor authentication are authentication methods used to verify your identity before you can safely login to your account. Having these authentication methods in place prevents anyone but you from being able to access your accounts. This means, even if you were to enter credentials into a spoofed site and the cybercriminal gets away with your information, they wouldn't be able to successfully log in without additional verification such as a code sent via text message or generated through an authenticator app.

Enabling MFA or 2FA ultimately adds a critical extra layer or layers of security to your accounts.

Don't click on unsolicited links

It's important to be wary of unsolicited links. Always assume that they're malicious until you check the actual URL since cybercriminals can easily hide it behind a link that looks legitimate. A good way to check if a link is safe is by using a URL checker such as Google's Transparency Report or by simply hovering your mouse over the link to see the actual URL.

Unsolicited links can take you to spoofed websites, which can steal your sensitive information or infect your device with malware, so always be cautious.

Don't share personal information with just anyone

It goes without saying, you should never reveal sensitive information to anyone you don't know. This is tricky when it comes to spoofing attacks because it can be hard to tell if the person reaching out to you is legitimate. However, it never hurts to ask a person or company to verify who they are. Keep in mind that most of the time, companies you have accounts with will not ask you to reveal any personal information through phone calls, text messages or emails – especially if you weren't the one who reached out to them.

Stay Protected From Spoofing Attacks

The best way to protect yourself from spoofing attacks is by knowing what they are and what they do. Only then can you know how to spot them and prevent yourself from becoming a victim of these types of attacks. Implementing a password management solution can aid you in keeping your credentials secure in case you were to become a victim of a spoofing attack – start your free trial of Keeper today.

To report a spoofing attempt or if you've been a victim of this type of attack, submit a complaint to the FBI's Internet Crime Complaint Center (IC3).