Along with the development of technology, which gives us more and more opportunities, the risk of cyber-attacks on our personal data is also growing. Hackers are using more and more sophisticated methods of compromising security to achieve their goal. One of the forms of cybercrime is spoofing, i.e. a group of attacks on ICT systems consisting in impersonating another element of the IT system, the effect of which is achieved by placing prepared data packets on the network or incorrect use of protocols.
The term “spoof” dates back over a century and refers to any form of trickery. However, today it is mostly used when talking about cybercrime. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source, which can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server. It can be used to gain access to a target’s personal information, spread malware through infected links or attachments, bypass network access controls, or redistribute traffic to conduct a denial-of-service attack. Also it is a good way to gains access to someone’s device in order to execute a larger cyber-attack. Successful attacks can lead to infected computer systems and networks, data breaches, and loss of revenue – all liable to affect the organization’s public reputation. In addition, spoofing that leads to the rerouting of internet traffic can overwhelm networks or lead customers to malicious sites aimed at stealing information or distributing malware.
It can be applied to a number of communication methods and employ various levels of technical know-how, depending on hacker’s skills. It involves impersonating someone or something to trick a network or individual. Depending on the type of spoofing, hackers can send you various types of notifications, that appear to come from someone you trust to trick you into getting your private information. They can also use more technically demanding ways to trick even the network into directing you to bogus sites, that will then infect your computer.
Spoofing can occur in many different forms and various types of attacks. Some examples of different types of spoofing include:
This is the most complicated type of spoofing and at the same time, most dangerous one. Firstly, in order to fully understand those method, we should mention what the Internet Protocol is. It is the basic protocol for sending data over the Internet network and many other computers. The protocol specifies that each IP packet must have a header which, inter alia, contains the IP address of the sender of the packet, but the sender’s address in the header can be altered, so that to the recipient it appears that the packet came from another source. Hackers are using this possibility to create packets, which have a modified source address in order to either hide the identity of the sender, to impersonate another computer system, or both. It is a technique often to invoke DDoS attacks against a target device or the surrounding infrastructure.
We cannot effectively protect ourselves against all types of spoofing. Email, caller ID and text message spoofing are the easiest to recognize as it directly engages users. The primary way is to be vigilant for the signs of a spoof like: poor spelling, incorrect or inconsistent grammar, unusual sentence structure or turns of phrase. When this occurs, the recipient should not click on unfamiliar links, reply to suspicious messages or e-mails. In this case, installation of an antivirus, may also be a good option to reduce the risk. There can be also applied an ingress filtering, which examines incoming IP packets and looks at their source headers, rejecting packets, which do not match their origin.
1. Spoofing, online: https://www.avast.com/pl-pl/c-spoofing access: 29.10.2021
2. What is spoofing?, CyberEdu, online: https://www.forcepoint.com/cyber-edu/spoofing
access: 29.10.2021
3. What is Spoofing and How to Prevent a Spoofing Attack, Panda Security 29.12.2020,
online: https://www.pandasecurity.com/en/mediacenter/panda-security/what-is-spoofing/
access: 29.10.2021
4. What is IP spoofing?, CloudFlare, online: https://www.cloudflare.com/learning/ddos/glossary/ip-spoofing/
access: 29.10.2021
5. IP Address Spoofing, Wikipedia, online: https://en.wikipedia.org/wiki/IP_address_spoofing
access: 29.10.2021