+4 votes
in Security by (242k points)
Spoofing: what it is and how to prevent it

1 Answer

+5 votes
by (1.6m points)
Best answer


Spoofing: what it is and how to prevent it

The word spoofing comes from English and means something like mockery or parody. In this context, it rather refers to a forgery. The term is also used as a verb (to spoof) with the same meaning, that is, to falsify an identity trait in order to deceive the other by hiding their identity.

In general, spoofing attacks are intended to convince the victim to take an action, assume the authenticity of certain information, or acknowledge the authority of a source. If that sounds a bit abstract to you, here are two popular offline examples:

  1. The Scam Couple: To get money from the victim, the scammer pretends to be a spouse in love.
  2. The grandson trick: someone calls an older person on the phone pretending that he is his grandson and has an emergency in order to get the victim to transfer money to him.

In both cases, the scam is based on the information. Obviously, digital systems offer many more opportunities to commit fraud of this type. Through the Internet, it is possible to send a large volume of messages with very little effort. At the same time, it is often relatively easy to falsify the identifying characteristics of messages. Many spoofing attacks can be perpetrated because the Internet was conceived as an open system, one of the reasons why so much effort continues to be devoted to increasing network security.

  1. How to protect yourself from spoofing attacks
    1. Detect and prevent spoofing attacks
    2. Minimize the attack surface
      1. Limit the personal data you post
      2. Don't accept friend requests lightly
      3. Apply good safety routines
      4. Change default settings
      5. Use safe devices
    3. Avoid spoofing attempts
  2. User-directed spoofing attacks
    1. URL spoofing
      1. Falsification of the title of a link
      2. URL spoofing in the address bar or email header
    2. Email spoofing
  3. Spoofing in networks
    1. DNS spoofing
    2. MAC spoofing
    3. ARP spoofing
    4. IP spoofing

How to protect yourself from spoofing attacks

Since spoofing attacks cover a wide variety of possible scenarios, there is no single way to protect against them. Fortunately, there are a number of general behaviors that, taken together, minimize the risk of ending up as the victim of a spoofing attack.

Detect and prevent spoofing attacks

You can only prevent an attack if you are able to detect it. If the target of the spoofing attack is the smallest data packets that are being exchanged over the network, you most likely don't realize it. For this reason, you probably won't be able to take any personal action to prevent network attacks, in which security breaches are closed by security updates from software manufacturers.

In any case, the most common spoofing attacks are directed at people because they are more profitable: the attacker contacts the victim directly, for example, by phone or email. Most of the time, the intention is to get the other party to take an action. If the spoofing attack aims to obtain user information (such as passwords or bank details), we will speak of a phishing attack.

So-called spear phishing is especially dangerous because it is specifically directed at a person or entity. The word spear means harpoon and illustrates this type of attack well: the victim receives a message that contains concrete and apparently credible information. Convinced of the authenticity of the content, the victim is fully hit by the attack, totally unprepared.

Minimize the attack surface

To make their work as easy as possible, attackers often aim for the easiest target. Therefore, it is convenient to minimize our own attack surface by taking some simple and general measures that make us lose attractiveness as prey. Furthermore, many attacks are only successful if information from different sources is combined. Therefore, if little information is available about you, cybercriminals will have a harder time.

To protect yourself, we recommend internalizing the following behaviors.

Limit the personal data you post

The more information the attacker has and the more detailed it is, the more credible the phishing attacks will appear. Therefore, you should publish as little personal data as possible. For example, you should never publish your date of birth. Such private data is often used by customer service personnel to verify the identity of the caller. Although this procedure is not very safe, it is used frequently.

It is also important to be cautious when providing professional data, such as your position in the company. If you can afford it, update the profiles of pages like LinkedIn, Xing or Facebook with a delay of six months.

Don't accept friend requests lightly

If the attacker does not find much information about the victim, they usually resort to another trick: create an account on social networks, such as Facebook, and send them a friend request. By accepting it, the person opens the door to the attacker to obtain information that he only shares with his acquaintances. The data is often used later for fraud.

Criminals using this form of attack often resort to a popular method: opening an account under the name of an acquaintance of the victim. If this is not possible, they often put the image of an attractive person with a seductive attitude as a profile picture, causing many to fall into the trap and fall victim to deception.

Apply good safety routines

To protect yourself against attacks, you should follow the common recommendations for computer security: keep your operating system and software up-to-date, use firewalls and spam filters, and make regular backup copies of your data.

Keep in mind that these measures do not protect you completely. However, taking them together helps to avoid being perceived as easy prey.

Change default settings

By default, we mean the serial configuration of a device, software, or online service. If the settings are the same for all devices or users, attackers can take advantage. Therefore, it is advisable to modify it to avoid entering the radar of cybercriminals.

In the past, for example, routers were always delivered with open administrator access. For a time, every Windows computer even had its serial ports open and was therefore completely open on the Internet. In both cases, you could reduce the risk by changing the default values, but most users were unaware of this.

The default values pose a danger not only in technical terms: the privacy settings of social networks can also be too lax in their default version. Unfortunately, many companies take advantage of this, as the user is completely "transparent". Modifying the settings is up to you alone, so follow the principle of data economy: restrict the privacy settings of all your accounts to the maximum and increase the permissions gradually and only where justified.

Use safe devices

For applications where security is especially important, such as online banking or encrypted communication, use a device that is as shielded as possible, such as a small laptop with an operating system specially designed to ensure security. Good examples are the Linux distributions Subgraph and Tails, available for free.

By occasionally using a secure device, you deviate from the norm of the attacker, who expects you to use a normal computer. If the attack attempt is based on this assumption, employing another device may prevent it.

Avoid spoofing attempts

What should you do when you think you are being the victim of a spoofing attack? Imagine that you receive an email that tells you something supposedly important, such as that a transfer could not be made, that your account has been hacked, or that your domain registration is about to expire. They ask you to act quickly to avoid greater evils.

Although the message seems authentic at first glance, it sounds a bit strange to you. Perhaps the content does not fully match reality or makes you feel too pressured, but you are not sure that it is an attack. What should you do?

First of all, stay calm and don't rush. If the message is an email, don't click on any links in it. Use a second communication channel to check if the message is authentic. At this time, it is essential that you reduce the risk of attack: if possible, use another device and a secure application that you do not use regularly.

Consider these examples:

Suppose you have received a supposedly fake email on your work computer. As a second communication channel, you can use an end-to-end encrypted messaging application on the mobile phone.

You have received a suspicious call or text message on your mobile. You should use that phone with caution and, instead, use the one of the colleague next door to contact someone you trust.

User-directed spoofing attacks

These spoofing attacks aim to mislead the user. In the case of phishing, a deceptively real replica of a web page is often used to usurp confidential data.

URL spoofing

URL spoofing attacks aim to direct the user to a fraudulent URL. The trick is based on pretending that it is a well-known and reputable URL. If an unsuspecting user opens it, they are redirected to a malicious page. For a URL spoofing attack to work, the attacker must control the corresponding domain.

Falsification of the title of a link

This may sound familiar to you: a link appears in an email, but clicking it opens a completely different domain. The trick works because the HTML title and the link page do not have to be related. If the attacker chooses a link title that is reminiscent of a legitimate URL, the deception is perfect: the link title hides the actual target URL.

Look at the following scheme, which shows how a link is formed with the title and the destination URL:

An HTML link consists of two elements: the title and the destination of the link. Although the destination is a URL, the link title can contain any text.

a. Scheme of an HTML link in simple Markdown markup language.

b. Real link example: The link title reflects the page to which the link actually leads.

c. Fraudulent link example: the link title suggests a harmless page and thus hides the real link.

d. Representation of the fraudulent link example in HTML.

To protect yourself, you can check the destination URL of the link. If you hover over the link, the actual destination URL is displayed. In any case, it is best not to click on the links in the emails: instead, copy the link address by right-clicking and examine the link in an incognito window in the browser. This trick is very useful and it also works on mobile devices. You can also copy the link address, paste it, and examine it in a text box.
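
The same check can be automated for incoming mail. The following Python sketch is an added example, not part of the original answer: it flags links whose visible title names one host while the `href` points to another. The names `LinkAuditor` and `mismatched_links` and the sample message are constructed for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a URL or a bare hostname.
HOSTLIKE = re.compile(
    r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#].*)?$", re.I)

def same_site(claimed, actual):
    """True if the real host is the claimed host or one of its subdomains."""
    claimed, actual = (h[4:] if h.startswith("www.") else h for h in (claimed, actual))
    return actual == claimed or actual.endswith("." + claimed)

class LinkAuditor(HTMLParser):
    """Collects <a> elements whose text names one host but whose href names another."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        title = "".join(self.text).strip()
        shown = HOSTLIKE.match(title)
        try:
            actual = (urlsplit(self.href).hostname or "").lower()
        except ValueError:  # malformed href, nothing to compare against
            actual = ""
        if shown and actual and not same_site(shown.group(1).lower(), actual):
            self.findings.append((title, self.href))
        self.href = None

def mismatched_links(html):
    """Return (title, href) pairs where the title's host differs from the href's."""
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample message body; all hosts are reserved example domains.
SAMPLE = """<p>Your account is locked. Sign in at
<a href="https://secure-login.example.net/verify">https://www.example.com/login</a>
or read the <a href="https://www.example.com/help">help pages</a>.</p>"""
```

Calling `mismatched_links(SAMPLE)` reports only the first link; the second is ignored because its title is plain text that makes no claim about a destination.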

URL spoofing in the address bar or email header

To carry out spoofing attacks, URLs that are not related to any links are also used. Attackers often take advantage of the similarity between different letters to deceive the victim. These attacks, called homographic attacks, can be very difficult to detect.

In the simplest case, the attacker enters letters that, together, look like another letter in the URL or domain. Here are some examples: