Spoofing is a method commonly used by hackers across a wide range of cyberattacks including but not limited to phishing, social engineering, ransomware, and business email compromises.
While the techniques and technology can vary, spoofing allows a hacker to alter their identity to appear to be a trusted source, such as a co-worker, relative, or secured online service.
Seemingly authentic communications from trusted sources could pose an extinction-level event for companies and organizations.
“[A] single official-looking email can open the door to innumerable types of fraud, both internally and externally… People wire money on the basis of a phone call all the time. The harm caused by a phony corporate communication to shareholders or the general public could represent a catastrophic loss of money and confidence,” says CyberScout founder and chairman Adam Levin.
While the more widely known examples of spoofing come in the form of phony emails and phone calls, hackers will often deploy more high-tech methods of duping their victims. One common technique is typosquatting, where an attacker acquires domain names similar to those of existing websites and creates convincing facsimiles.
“Typosquatting is when third parties buy variants of domain names based on simple and common spelling errors, e.g. "gooogle.com," or "gooogl.com" instead of Google.com,” says Levin, who refers to a recent study indicating that 2.7 percent of 15,000 analyzed domain names directed users to websites associated with some form of cybercrime.
“If 2.7 percent seems like a small number, consider that there are currently at least 360 million registered domain names,” warns Levin.
Another, more sophisticated form of spoofing is DNS hijacking. DNS, or the Domain Name System, is a service underpinning the entire internet that helps translate between machine-friendly internet addresses, e.g. “22.214.171.124,” and more human-friendly names, in this case “Google.com.”
“That moment when a name is matched to a number is where hackers can intervene. There are a number of ways it can happen, but DNS hijacking is when your page request doesn't go to the site you asked for… there's no obvious way to tell that it's happening,” says Levin.
In some cases, DNS servers themselves are hacked and adjusted to reroute large-scale internet traffic to spoofed websites. Hackers will often use these to acquire victims’ login credentials, or deploy malware to targeted computers.
While there’s no one sure-fire way to identify spoofed communications or websites, paying close attention to URLs and email addresses can help prevent the majority of them. Always double-check the web address on websites, use and regularly update security software, and confirm emails and phone calls with employees.