Over the years, there’s been a growth not only in the importance of the internet but also the potential danger that lurks when surfing the World Wide Web. Those bad actors, or hackers as they’re called, are constantly finding new ways to gain access to computers, networks, and sensitive data. One of the most common types of cybercrime is spoofing. Read on to learn what this term means, how spoofing works, and how you can protect yourself from different types. Also discover how Avira Free Security can help you stay safer and more anonymous on the internet.
What is spoofing?
The term spoofing means something like “to fake” or “to deceive”. In practice, spoofers pretend to be another, trustworthy person or institution. Their goal isn’t just to mislead their potential victims — in most cases, they aim to steal confidential data, paralyze computer systems, or snoop on what someone gets up to online. The trust that’s been built makes victims of spoofing attacks more receptive to opening links and file attachments as well as sharing personal data.
How does spoofing work?
The aim of spoofing is always the same: To enable cybercriminals to gain access to their victims’ sensitive data. When communicating with the potential victim, they pose as a trustworthy source. This gives the recipient the impression that the content of the spoofing attack can be trusted. Spoofers basically use three common approaches to achieve their goal:
- Malicious software: Spoofers can use malicious links or file attachments to spread intrusive software like malware, scareware, or keyloggers so it gets onto the victim’s computer or smartphone. These malicious programs can spy on your device, slow it down, or make it completely unusable.
- Spoof websites: Spoofers can steal your login information by using spoof websites that look like the real, trustworthy deal. In most cases, potential victims land on these bogus websites by clicking links in emails or text messages.
- (Non-)verbal blackmail: Cybercriminals often — but not exclusively — use contaminated links, file attachments, and websites to harm their victims. Alternatively, spoofers often pretend to be someone else, building up trust gradually. Through social engineering, a persona and an environment are created that, over time, establishes an emotional connection to the victim. This means that the victim can be blackmailed without any use of technology, such as to make payments or provide services.
By the way: Despite what you may think, spoofing isn’t actually illegal in principle — although the scammers’ goals and ways they go about things are, of course. That said, you can also conceal your identity on the internet without having any criminal intentions yourself. One such tool that allows you to do just that is Avira Phantom VPN, which helps you navigate the internet more anonymously and securely.
The differences between spoofing, phishing, and pharming
Cybercrime has many names. To help you keep track, here’s an overview of the terms spoofing, phishing, and pharming.
- Spoofing is where potential victims are deceived. Cybercriminals take on an identity of someone the victim can trust to gain access to technical equipment, devices, or sensitive data.
- Phishing or phishing attacks essentially is spoofing on an industrial scale. Phishing involves numerous “baits” being sent randomly to recipients, primarily via email. Often, you can’t tell these emails apart from ones sent by well-known companies as they look identical. Phishing emails in the style of Amazon, DHL, or PayPal are particularly rife. With the sheer volume of emails sent, cybercriminals hope that they’ll find some victim who’ll click the spoof link.
- Pharming: In this case, the victim isn’t tricked into doing something via a fake email. Instead, the scam actually takes place by the victim visiting an actually trustworthy website. The perpetrators exploit vulnerabilities on the website’s server and redirect visitors to a different IP address than originally intended. The pages to which victims are redirected look deceptively similar to the actual website, so the potential victims’ don’t catch on and spot something’s fishy as quickly as they do with a phishing email.
Different types of spoofing — and how to protect yourself
There are many different ways and means a cybercriminal can use to perform a spoofing attack. You’ve probably come across one type or another before. To ensure you’re better prepared for such attacks, read on to learn about the most common types of spoofing, how to spot them, and what you can do to prevent them.
Email spoofing
Maybe you’ve gotten an email that turned out to be less reputable when you took a closer look at it. This is hardly surprising — email spoofing is the most common form of spoofing. Dubious senders of spam email disguise themselves as a legitimate person or entity to gain the recipient’s trust. This works so well because the emails appear credible in terms of their content as well as their design and sender address. In particular, the key to success is when the victim believes the email is from someone trustworthy.
To achieve this, the email header is manipulated in such a way that the sender’s true identity is concealed during delivery. This header is an important part of the email code, which contains all the key data: Sender, recipient, and all the tracking data.
The pitfall here is that the email transfer protocol SMTP (simple mail transfer protocol) can’t authenticate email addresses. In other words, the email is sent without checking whether the sender really is the person specified in the address line. Spoofers exploit this knowledge to impersonate being a different sender via email headers. On delivery, the recipients then see the same data that the SMTP has received from the sender.
How you can protect yourself: Pay attention to every email you receive and check it makes sense. Check the content, spelling, and grammar. The real damage is caused by phishing emails with links and file attachments. Never click links if you don’t consider the sender to be completely credible and if the content of the email seems any way suspicious to you. One of the best ways to check a link is to hover your mouse pointer over it without clicking it. This allows you to see the URL the link refers to and quickly spot if it’s a spoof page.
SMS spoofing
SMS spoofing is like the little brother of email spoofing. This method also involves manipulating the sender information so scammers can disguise themselves as a trusted person or a well-known company. There are two methods of SMS spoofing:
- The spoofers send a text from the victim’s cell phone to another person.
- The spoofers write a message to the victim from a different, usually unknown number and thereby gain their trust.
Like with emails, SMS spoofing aims to get the unsuspecting recipient to answer the message or tap a link.
How you can protect yourself: Never respond to messages from numbers you don’t recognize and never tap any links. If in doubt and you know the contact, send them a quick message to ask if what they sent is legitimate. Also consider how you normally interact with the person or company. If communication has so far only taken place via WhatsApp and/or email, you should also be suspicious.
IP and DDoS spoofing
IP spoofing focuses less on individual users and more on entire networks. IP packets are used for multiple devices to communicate with each other within a network. These packets travel between a sender and a recipient — just like packages we send by post. Each of these IP packets consists of a body (the content to be transmitted in the network) and a header (a kind of address line with all relevant routing information). Cybercriminals can find out the IP addresses in a network, generate IP packets, and disguise them within the header.
In doing so, spoofers can disguise themselves as a device within the network — even from outside. IP spoofing is often used as a “door opener” to DDoS spoofing. DDoS (distributed denial of service) attacks involve flooding a network with an uncontrollable amount of data. This amount of data can disrupt the network, slow it down, or even shut it down completely.
How you can protect yourself: It’s very difficult for IT administrators to protect their own network against IP spoofing. You should definitely check the network regularly for unusual activity. SIEM tools help companies keep an eye on all data traffic, analyze it, and take appropriate action. It can also be helpful to authenticate all IP addresses on the network. In addition, each device should have its firewall running.
Website spoofing
Website spoofing is essentially like spoof texts and emails. Here, a malicious website is disguised as a reputable one known to the victim. The login page, the whole layout, and the graphics seem familiar to the potential victim. By logging in to the fake website, you’re not actually logging in to your account as usual — you’re transmitting your login information straight into the scammers’ hands.
Another form of website spoofing is DNS spoofing. Here, the information in the website’s DNS server is manipulated in such a way that the website’s legitimate IP address is replaced with that of a malicious site. Although you might access a website as usual via your browser, you’re redirected to a deceptive copy.
How you can protect yourself: In most cases, website spoofing only works if the potential victim has previously received an email or text with a spoof link. This usually leads to the websites that intercept the login data. As such, never click or tap any dubious links in emails or texts. Any dodgy spelling and grammar can also reveal whether the website is fake. Additionally, always check that the websites are encrypted. You can tell this by looking at the address bar. The address should start with https:// and not http://.
Caller ID/phone spoofing
With caller ID or phone spoofing, scammers disguise the phone number so it looks credible. Although an unknown number can be used, it still appears trustworthy as the area code looks familiar. Potential victims are more likely to answer calls if the number, including the area code, appears legitimate.
Spoofers often use VoIP (voice over IP) for their scams. VoIP allows you to communicate over the internet rather than the traditional telephone network. However, this advanced technology enables spoofers to choose both a fake phone number and a display name of their choice. It’s possible that the victim’s display only shows the person’s or company’s name and not the actual number — so be aware.
How you can protect yourself: As a general rule, never answer calls from unknown numbers. Also find out if your cell network operator offers a service or app that detects and blocks incoming spam calls before they reach you. Alternatively, you can also use third-party apps. If you do, though, be aware that you’ll end up sharing your private data with the provider.
Address resolution protocol (ARP) spoofing
ARP enables communication to a specific device within a local network. By linking the MAC address (i.e. the unique hardware address) of your device with the IP address of a device within the target network, spoofers can intercept and manipulate traffic.
How you can protect yourself: To prevent your computer or smartphone from being hijacked, especially on public networks, we recommend using a VPN. This way, spoofers cannot find your device — and your IP address is also masked. Avira Phantom VPN helps you to be safer and more anonymous on the internet.
Spoofing in trading
While all the types of spoofing mentioned so far aim to enable scammers to pose as a trustworthy source, fraud in the financial market works differently. Spoofing in trading involves manipulating market activity by presenting false facts and in doing so manipulating other traders in their actions. For example, prices can be artificially inflated by faking high demand. Before the order goes through, the scammers cancel their request.
Traders can use large buy or sell orders to simulate short-term stock movements, causing other traders to act rashly. The behavior of other traders is influenced by manipulating the market through feigned interest. Once the other market participants have traded, the spoofer withdraws their offer — but the other traders have already reacted and given the scammer a (usually small) profit.
How you can protect yourself: Spoofing in trading is a real problem in the financial markets. International regulators are working non-stop to combat such practices. As a market participant, you should try to always stay up to date with the latest guidelines and developments regarding spoofing. Share ideas with other traders and act logically and carefully.
GPS spoofing
GPS spoofing is rare and isn’t used to harm private individuals. Essentially, GPS spoofing allows scammers to conceal their true location. This can lead to law enforcement being misled, especially in cases of car theft, for example. In very rare instances, GPS spoofing is also used to manipulate maritime or air traffic. However, this is irrelevant to most people’s everyday lives. In addition, advanced anti-GPS spoofing technologies are already being used to combat this issue.
Face spoofing
Face spoofing involves illegally stealing biometric data and using it to unlock devices. The scammers do it in the hope of gaining access to smartphones, laptops, computers, and any devices that rely on facial recognition. Scammers easily obtain biometric data via the online profiles of potential victims or via hacked systems. Thankfully, though, most modern devices rely on what’s known as liveness detection by taking into account movements and gestures, such as a wink, to ensure the person is alive and real. There are also tools that provide specific facial movements for you to imitate during verification.
Surf the internet more safely with Avira Free Security
If you follow our tips and advice, you’ll be much safer on the internet. However, you still might click a bogus link or interact with a fake email or website. That’s where dependable antivirus software can help you out by detecting such threats faster and more reliably.
With Avira Free Security, you get our popular all-in-one solution: Improved protection against malware, anonymous surfing thanks to a VPN, and a cleaned up PC thanks to 30 built-in tuning tools. Don’t give spoofing a chance, and surf the internet more safely.