Know how to identify and prevent a spoofing attack
Spoofing attacks are the ultimate form of cybercriminal trickery and deception. Cybercriminals disguise themselves and rely on trust to steal confidential information, install ransomware, and commit other cybercrimes.
Spoofing comes down to trust. Cybercriminals hide behind trusted people, domains, URLs, and the technical elements that make up a computer network. A spoofing attack can arrive in the inbox, with a phone call, in an attachment, or with a computer or network redirect.
If it can be faked, cybercriminals use it. Unfortunately, spoofing attack tactics do not have the same level of awareness as phishing, spear phishing, ransomware, and BEC. This needs to change. Often cybercriminals use a combination of spoofing, phishing, and ransomware to shut down networks and steal data.
The very nature of spoofing does make it more difficult for employees and IT teams to quickly identify a spoofing attack. The key to preventing spoofing attacks is awareness – the more people understand how spoofing happens and know how to identify spoofing, the easier it is to be proactive in keeping your company cyber secure.
Types of Spoofing Attacks
Spoofing attacks happen when cybercriminals launch either personal, direct attacks through email or the phone, or technical attacks at the network level.
- Email Spoofing: Every part of the email can be spoofed including the sender name, display name, reply-to address, domain, and the actual email content.
- Extension Spoofing: This spoof attack hides the extension of an attachment, tricking victims into downloading executables that install malware.
- Caller ID Spoofing: The cybercriminal hides behind a faked phone number that looks like it comes from a local area code.
- Website Spoofing: Every aspect of the site looks real, including the layout, colors, logos, contact details, etc.
- Text Message Spoofing: The cybercriminal disguises themselves with the phone number, sender name, or both.
- IP Address Spoofing: Criminals hide behind a legitimate IP address, pretending to be another person or company.
- ARP Spoofing: Address Resolution Protocol (ARP) spoofing is an advanced and technical cyber attack that connects the cybercriminal’s Media Access Control (MAC) address to a real IP address.
- DNS Spoofing: This tactic is used to redirect traffic from the intended real IP address to a faked IP address.
- Facial Spoofing: This new type of spoofing targets the facial recognition software used to unlock devices, buildings, and other secure areas.
With spoofing, cybercriminals have unlimited attack methods to convince victims to give up information and to steal from victims and companies without their knowledge.
How To Protect Your Company from Spoofing Attacks
To protect your company from spoofing attacks, as a security leader, you have two key areas of focus – preventing technical spoofing attacks and raising employee awareness.
Do the following to protect your company from technical spoofing attacks including IP address, DNS, and ARP spoofing:
- Enable two-factor authentication.
- Ensure that all applications, operating systems, network tools, and internal software are up-to-date and secure.
- Install malware protection, anti-spoofing detection software, anti-ARP tools, and anti-spam software.
- Establish network access rules that limit the use of personal devices and the sharing of information outside of your corporate network.
- Configure firewalls to block fake IP addresses.
- Take advantage of penetration testing to identify network vulnerabilities.
- Use packet filtering to block packets with invalid source information.
- Ensure all data is encrypted using HTTP Secure, Transport Layer Security (TLS), and Secure Shell (SSH).
- Use VPNs to encrypt data and secure remote connections to the corporate network.
- Use access control lists to stop unknown IP addresses from accessing your network.
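To make "invalid source information" concrete, the following added example (not part of the original article) applies ingress and egress source-address checks to a constructed list of packets. The interface names `wan` and `lan`, the internal prefix, and the sample addresses are assumptions chosen for illustration.

```python
from ipaddress import ip_address, ip_network

# Assumptions for this example: interface names and the internal prefix.
INTERNAL_NET = ip_network("10.20.0.0/16")
# Source ranges that cannot legitimately appear on traffic from the internet:
# "this network", private, loopback, link-local, multicast and reserved space.
BOGON_SOURCES = [ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

# Constructed sample: (arrival interface, claimed source address).
PACKETS = [
    ("wan", "203.0.113.7"),   # ordinary outside host
    ("wan", "10.20.5.9"),     # claims an internal address but arrives from outside
    ("wan", "127.0.0.1"),     # loopback can never arrive over the wire
    ("lan", "10.20.5.9"),     # internal host using its own address
    ("lan", "198.51.100.4"),  # internal host forging an outside source
]

def verdict(interface: str, src: str) -> str:
    """Return 'accept' or 'drop: <reason>' for one packet."""
    addr = ip_address(src)
    if interface == "wan":
        # Ingress filtering: outside traffic must not claim a private,
        # loopback or otherwise non-routable source address.
        if any(addr in net for net in BOGON_SOURCES):
            return "drop: invalid source on external interface"
        return "accept"
    if interface == "lan":
        # Egress filtering: internal hosts may only send from our own prefix.
        if addr in INTERNAL_NET:
            return "accept"
        return "drop: source outside internal prefix"
    return "drop: unknown interface"

def filter_packets(packets):
    """Evaluate every (interface, source) pair and keep the verdict beside it."""
    return [(iface, src, verdict(iface, src)) for iface, src in packets]

if __name__ == "__main__":
    for row in filter_packets(PACKETS):
        print(*row)
```

The same two rules are what a firewall or router access control list enforces per interface; the egress rule also stops a compromised internal machine from sending spoofed traffic outward.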
To defend against non-technical spoofing including email, website, text message, and caller ID spoofing, it’s critical that you focus on reducing human risk. Many employees respond to emails and download attachments because they neglect to pause and read carefully. To change this, you need to use security awareness training and simulations that emphasize changing human behavior to eliminate the automatic trust response.
This is for employees
What You Need to Understand About Spoofing Attacks
Cybercriminals are savvy and use a range of tactics to trick you into responding to an email, downloading an attachment, or submitting a form on a website. With spoofing attacks, cybercriminals pretend to be a person or company that you know and trust.
Cybercriminals exploit your natural trust response to steal confidential information and to convince you to take actions that result in further cyber attacks. This abuse of trust is called social engineering and it uses convincing and urgent language in emails, phone calls, voicemails, text messages, and direct messages.
For example, you may receive an email from your colleague Sam Smith that asks you to download and review an attached work-related document. You don’t think twice about doing this because you know and work with Sam. As a result, you accidentally download an executable that installs ransomware on your company network.
In this example, the cybercriminal used these spoofing attack techniques:
- The criminal disguises themselves as Sam Smith.
- The criminal’s email address is hidden and the only way to see it is by hovering your mouse over the name Sam Smith.
- The email uses language that takes advantage of human nature to help one another, convincing you to download the attachment.
- The extension for the attachment is hidden, displaying newfile.doc when the real filename is newfile.doc.exe.
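The indicators in the Sam Smith scenario can also be checked automatically at the mail gateway. The following added example (not part of the original article) parses a constructed message and flags a display name that does not match the known address, a Reply-To on a different domain, and a document-then-executable double extension. The staff directory, domains, and extension lists are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from pathlib import PurePosixPath

# Assumptions for this example: the staff directory and extension lists.
STAFF = {"sam smith": "sam.smith@example.com"}
EXECUTABLE_EXTS = {".exe", ".scr", ".bat", ".cmd", ".vbs"}
DOCUMENT_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt"}

# Constructed sample message modelled on the Sam Smith scenario.
SAMPLE = """\
From: "Sam Smith" <sam.smith@examp1e-mail.test>
Reply-To: billing@other-host.test
To: you@example.com
Subject: Please review today
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Can you look at the attached file right away?
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="newfile.doc.exe"

placeholder
--b1--
"""

def spoofing_indicators(raw: str) -> list[str]:
    """Return the spoofing indicators found in one raw email message."""
    msg = message_from_string(raw)
    findings = []
    # 1. Display name belongs to a colleague but the real address does not.
    name, addr = parseaddr(msg.get("From", ""))
    expected = STAFF.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append("display-name-mismatch")
    # 2. Replies would be sent to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != addr.rpartition("@")[2].lower():
        findings.append("reply-to-domain-differs")
    # 3. Attachment shows a document extension but really ends in an executable one.
    for part in msg.walk():
        filename = part.get_filename() or ""
        suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
        if len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS and suffixes[-2] in DOCUMENT_EXTS:
            findings.append(f"double-extension:{filename}")
    return findings
```

Calling `spoofing_indicators(SAMPLE)` returns all three indicators for the constructed message, while a message from Sam's real address with no attachment returns an empty list.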
Spoofing attacks are very hard to identify. Cybercriminals are well practiced in how to trick people into acting. If you are ever in doubt about the validity of an email, website, phone call, or text message – pause, do not respond and talk to your manager or colleague in the IT department.
How You Can Prevent a Spoofing Attack
You are our first line of defense against spoofing attacks. You can prevent and defend against a spoofing attack by remembering these tips:
- Do not open emails from people and companies you don’t recognize.
- Do not respond to emails that use a generic greeting such as sir or madam.
- Ignore emails that do not include a sender name.
- Be very suspicious of links in emails. Only click links that come from people that you know. No company will ever email you asking you to click a link to update your private details or credit card information.
- Be cautious about downloading attachments. Hover your mouse over the attachment to see the entire filename. When in doubt, do not download attachments.
- Carefully read the email or text message content. Look for spelling errors, grammatical errors, formal language, and urgent language. Real companies do not send emails with typos.
- If the email, text message, or voicemail uses language that urges you to act and respond quickly or threatens you – do not respond. This is a social engineering technique that cybercriminals rely on to trick you into thinking that you are helping someone or need to act to protect yourself. Official organizations including the police and government will never email you asking you for private information or leave voicemails that use scare tactics.
Spoofing works because cybercriminals are smart. They understand human nature. They know that you receive a lot of email and that you’re very busy. Cybercriminals exploit this with convincing language and by hoping that you’re too busy to pay attention to details.
You can prevent and defend against spoofing attacks. By slowing down, reading and listening carefully, and thinking twice before responding you can prevent spoofing.
Talk to your security leadership team or manager about interactive security awareness courses and simulations that can help you strengthen your knowledge of spoofing and cyber attacks.