In cybersecurity, ‘spoofing’ is when fraudsters pretend to be someone or something else to win a person’s trust. The motivation is usually to gain access to systems, steal data, steal money, or spread malware.
Spoofing is a broad term for the type of behavior that involves a cybercriminal masquerading as a trusted entity or device to get you to do something beneficial to the hacker — and detrimental to you. Any time an online scammer disguises their identity as something else, it’s spoofing.
Spoofing can apply to a range of communication channels and can involve different levels of technical complexity. Spoofing attacks usually involve an element of social engineering, where scammers psychologically manipulate their victims by playing on human vulnerabilities such as fear, greed, or lack of technical knowledge.
Spoofing typically relies on two elements – the spoof itself, such as a faked email or website, and then the social engineering aspect, which nudges victims to take action. For example, spoofers may send an email that appears to come from a trusted senior co-worker or manager, asking you to transfer some money online and providing a convincing rationale for the request. Spoofers often know what strings to pull to manipulate a victim into taking the desired action – in this example, authorizing a fraudulent wire transfer – without raising suspicion.
A successful spoofing attack can have serious consequences – including stealing personal or company information, harvesting credentials for use in further attacks, spreading malware, gaining unauthorized network access, or bypassing access controls. For businesses, spoofing attacks can sometimes lead to ransomware attacks or damaging and costly data breaches.
There are many different types of spoofing attacks – the more straightforward ones relate to emails, websites, and phone calls. The more complex technical attacks involve IP addresses, Address Resolution Protocol (ARP), and Domain Name System (DNS) servers. We explore the most common spoofing examples below.
Among the most widely-used attacks, email spoofing occurs when the sender forges email headers to that client software displays the fraudulent sender address, which most users take at face value. Unless they inspect the header closely, email recipients assume the forged sender has sent the message. If it’s a name they know, they are likely to trust it.
Spoofed emails often request a money transfer or permission to access a system. Additionally, they can sometimes contain attachments that install malware — such as Trojans or viruses — when opened. In many cases, the malware is designed to go beyond infecting your computer and spread to your entire network.
Email spoofing relies heavily on social engineering — the ability to convince a human user to believe that what they are seeing is legitimate, prompting them to take action and open an attachment, transfer money, and so on.
How to stop email spoofing:
Unfortunately, it is impossible to stop email spoofing completely because the foundation for sending emails – known as the Simple Mail Transfer Protocol – doesn’t require any authentication. However, ordinary users can take simple steps to reduce the risk of an email spoofing attack by choosing a secure email provider and practicing good cybersecurity hygiene:
Whereas email spoofing focuses on the user, IP spoofing is primarily aimed at a network.
IP spoofing involves an attacker trying to gain unauthorized access to a system by sending messages with a fake or spoofed IP address to make it look like the message came from a trusted source, such as one on the same internal computer network, for example.
Cybercriminals achieve this by taking a legitimate host's IP address and altering the packet headers sent from their own system to make them appear to be from the original, trusted computer. Catching IP spoofing attacks early is especially important because they often come as part of DDoS (Distributed Denial of Service) attacks, which can take an entire network offline. You can read more in our detailed article about IP spoofing.
How to prevent IP spoofing – tips for website owners:
Website spoofing – also known as URL spoofing – is when scammers make a fraudulent website resemble a legitimate one. The spoofed website will have a familiar login page, stolen logos and similar branding, and even a spoofed URL that appears correct at first glance. Hackers build these websites to steal your login details and potentially drop malware onto your computer. Often, website spoofing takes place in conjunction with email spoofing – for example, scammers might send you an email containing a link to the fake website.
How to avoid website spoofing:
Caller ID spoofing – sometimes called phone spoofing – is when scammers deliberately falsify the information sent to your caller ID to disguise their identity. They do this because they know you are more likely to pick up your phone if you think it is a local number calling instead of one you don't recognize.
Caller ID spoofing uses VoIP (Voice over Internet Protocol), which allows scammers to create a phone number and caller ID of their choice. Once the recipient answers the call, the scammers try to obtain sensitive information for fraudulent purposes.
How to stop someone from spoofing my phone number:
Text message spoofing – sometimes called SMS spoofing – is when the sender of a text message misleads users with fake displayed sender information. Legitimate businesses sometimes do this for marketing purposes by replacing a long number with a short and easy-to-remember alphanumeric ID, ostensibly so that it's more convenient for customers. But scammers also do it – to hide their real identity behind an alphanumeric sender ID, usually masquerading as a legitimate company or organization. Often, these spoofed texts include links to SMS phishing (known as “smishing”) sites or malware downloads.
How to prevent text messaging spoofing:
Address Resolution Protocol (ARP) is a protocol that enables network communications to reach a specific device on a network. ARP spoofing, sometimes also called ARP poisoning, occurs when a malicious actor sends falsified ARP messages over a local area network. This links the attacker’s MAC address with the IP address of a legitimate device or server on the network. This link means the attacker can intercept, modify, or even stop any data intended for that IP address.
How to prevent ARP poisoning:
DNS spoofing – sometimes called DNS cache poisoning – is an attack in which altered DNS records are used to redirect online traffic to a fake website that resembles its intended destination. Spoofers achieve this by replacing the IP addresses stored in the DNS server with the ones the hackers want to use. You can read more about DNS spoofing attacks in our full article here.
How to avoid DNS spoofing:
GPS spoofing occurs when a GPS receiver is tricked into broadcasting fake signals that look like real ones. This means that the fraudsters are pretending to be in one location while actually being in another. Fraudsters can use this to hack a car's GPS and send you to the wrong place or – on a much bigger scale – can even potentially interfere with the GPS signals of ships or aircraft. Many mobile apps rely on location data from smartphones – these can be targets for this kind of spoofing attack.
How to prevent GPS spoofing:
Facial recognition technology is used to unlock mobile devices and laptops and increasingly in other areas, such as law enforcement, airport security, healthcare, education, marketing, and advertising. Facial recognition spoofing can occur through illegally obtained biometric data, either directly or covertly from a person’s online profiles or through hacked systems.
How to prevent facial spoofing:
Most facial recognition anti-spoofing methods involve Liveliness Detection. This determines whether a face is live or a false reproduction. There are two techniques involved:
In general, following these online safety tips will help to minimize your exposure to spoofing attacks:
In the US, victims of spoofing can file a complaint with the FCC’s Consumer Complaint Center. Other jurisdictions around the world have similar bodies with their own complaints procedures. If you have lost money due to spoofing, you can involve law enforcement.
The best way to stay safe online is by a robust antivirus software solution. We recommend Kaspersky Total Security: a well-rounded cybersecurity package that will protect you and your family online and ensure a safer internet experience.