Spoofing as a form of cybercrime

As technology develops and gives us more and more opportunities, the risk of cyber-attacks on our personal data grows with it. Hackers use increasingly sophisticated methods of compromising security to achieve their goals. One form of cybercrime is spoofing, i.e. a group of attacks on ICT systems that consist in impersonating another element of the IT system. The effect is achieved by placing prepared data packets on the network or by using protocols incorrectly.

Spoofing definition

The term “spoof” dates back over a century and refers to any form of trickery. Today, however, it is mostly used when talking about cybercrime. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. It can apply to emails, phone calls, and websites, or it can be more technical, such as a computer spoofing an IP address, the Address Resolution Protocol (ARP), or a Domain Name System (DNS) server. It can be used to gain access to a target’s personal information, spread malware through infected links or attachments, bypass network access controls, or redistribute traffic to conduct a denial-of-service attack. It is also a way to gain access to someone’s device in order to execute a larger cyber-attack. Successful attacks can lead to infected computer systems and networks, data breaches, and loss of revenue, all of which are liable to affect the organization’s public reputation. In addition, spoofing that leads to the rerouting of internet traffic can overwhelm networks or lead customers to malicious sites aimed at stealing information or distributing malware.

How does spoofing work?

Spoofing can be applied to a number of communication methods and can employ various levels of technical know-how, depending on the hacker’s skills. It involves impersonating someone or something to trick a network or an individual. Depending on the type of spoofing, hackers can send you various types of notifications that appear to come from someone you trust, in order to trick you into giving up your private information. They can also use more technically demanding ways to trick even the network into directing you to bogus sites that will then infect your computer.

Types of spoofing

Spoofing can occur in many different forms and various types of attacks. Some examples of different types of spoofing include:

  • Caller ID -> occurs when a scammer uses false information to change the caller ID (mostly using Voice over Internet Protocol),
  • Website -> this type of spoofing is done by replicating a trusted site with the intention of taking users to a phishing or malicious site,
  • Email -> consists in using a false email address and sending messages with malware,
  • Text message -> the same process as email spoofing, but here hackers use another person’s number to send text messages,
  • Address Resolution Protocol -> in order to modify or steal data, the hacker links their media access control (MAC) address to an IP address, so that they can access data that was originally meant for the owner of that address,
  • GPS -> can target any mobile app that relies on location, by faking or interfering with the GPS signal,
  • DNS -> also known as cache poisoning, is used to reroute traffic to different IP addresses in order to lead visitors to malicious websites,
  • Man-in-the-middle -> the scammer hacks a WiFi network or sets up a duplicate fraudulent WiFi network in order to reroute sensitive information to themselves,
  • IP

This is the most complicated type of spoofing and, at the same time, the most dangerous one. To fully understand this method, we should first mention what the Internet Protocol is. It is the basic protocol for sending data over the Internet and many other computer networks. The protocol specifies that each IP packet must have a header which, inter alia, contains the IP address of the sender of the packet. However, the sender’s address in the header can be altered, so that to the recipient it appears that the packet came from another source. Hackers use this possibility to create packets with a modified source address in order to hide the identity of the sender, to impersonate another computer system, or both. It is a technique often used to invoke DDoS attacks against a target device or the surrounding infrastructure.

How to recognize and protect yourself from spoofing?

We cannot effectively protect ourselves against all types of spoofing. Email, caller ID and text message spoofing are the easiest to recognize, as they directly engage users. The primary way is to be vigilant for the signs of a spoof, such as poor spelling, incorrect or inconsistent grammar, and unusual sentence structure or turns of phrase. When these occur, the recipient should not click on unfamiliar links or reply to suspicious messages or emails. Installing antivirus software may also be a good option to reduce the risk. Ingress filtering can also be applied: it examines incoming IP packets and looks at their source headers, rejecting packets which do not match their origin.
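
The sketch below is an added example, not part of the original article. It shows the ingress-filtering idea on the IPv4 header described in the IP section: the sender address is read from the header and the packet is dropped unless that address belongs to a prefix expected on the interface it arrived on. The interface names and prefixes are constructed (documentation address ranges).

```python
import ipaddress
import struct

# Constructed policy: prefixes that may legitimately originate behind
# each edge interface (names and ranges are assumptions for the example).
ALLOWED = {
    "customer-a": [ipaddress.ip_network("198.51.100.0/24")],
    "customer-b": [ipaddress.ip_network("203.0.113.0/25")],
}

def build_header(src, dst):
    """Build a minimal 20-byte IPv4 header as constructed sample input.
    Fields: version/IHL, TOS, length, id, flags/frag, TTL, proto, checksum."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def source_address(packet):
    """Read the sender address from bytes 12-15 of the IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    return ipaddress.IPv4Address(packet[12:16])

def ingress_decision(interface, packet):
    """Accept only if the claimed source fits the arrival interface."""
    try:
        src = source_address(packet)
    except ValueError:
        return "drop"                      # malformed or truncated header
    prefixes = ALLOWED.get(interface, [])  # unknown interface: allow nothing
    return "accept" if any(src in net for net in prefixes) else "drop"

if __name__ == "__main__":
    samples = [
        ("customer-a", "198.51.100.7"),   # source matches its origin
        ("customer-b", "198.51.100.7"),   # claims another customer's address
        ("customer-b", "203.0.113.200"),  # outside the assigned /25
    ]
    for iface, src in samples:
        pkt = build_header(src, "192.0.2.1")
        print(iface, src, ingress_decision(iface, pkt))
```
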
