How to Protect Against Spoofing Attacks


Spoofing is a malicious activity employed by hackers and cyber scammers for illegal purposes. It is the act of disguising a communication from an unknown source as coming from a trusted source. Spoofing is mainly used to gain illegal access to a remote system in order to spread viruses and malware through infected attachments and links, to bypass network access controls, or to redistribute network traffic in order to conduct a DoS attack. Malicious users also use it to carry out larger cyber-attacks such as man-in-the-middle (MITM) attacks and advanced persistent threats. A successful spoofing attack in an organization can therefore affect the functioning of the overall network and of end devices such as computer systems, and can lead to data breaches. Hackers employ various types of spoofing to obtain confidential data or to spread malware: IP spoofing, ARP spoofing, email spoofing, caller ID spoofing, website spoofing and DNS server spoofing. We discuss each of these techniques briefly below.


1. Email Spoofing

Email spoofing is a technique in which a malicious user sends an email message that tricks the target user into thinking it comes from a trusted, known source. The fake email may link to malicious websites hosting viruses and malware, or the malicious user may use social engineering to convince the recipient to freely disclose confidential information. Put another way, email spoofing is the forgery of an email header so that the message appears to have originated from somewhere other than its actual source. It is a popular tactic in spam and phishing campaigns because a user is more likely to open an email that appears to come from a legitimate source.

Email spoofing is easy to achieve with a working SMTP (Simple Mail Transfer Protocol) server and mailing software such as Gmail or Outlook. Once the message is composed, the malicious user forges fields in the message header, such as the FROM, RETURN-PATH and REPLY-TO addresses, and then sends the email to the target user. The email appears to come from an authorized source.
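The header fields named above can be compared on the receiving side. The following Python sketch is an added example, not part of the original article: it flags messages whose Return-Path or Reply-To domain disagrees with the From domain. The sample messages, their domains and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all domains are placeholders.
SPOOFED = (
    "Return-Path: <bounce@mailer.example.net>\n"
    'From: "Bank Support" <support@bank.example.com>\n'
    "Reply-To: helpdesk@reply.example.org\n"
    "Subject: Verify your account\n\nbody\n"
)
ALIGNED = (
    "Return-Path: <bounces@mail.bank.example.com>\n"
    "From: support@bank.example.com\n"
    "Subject: Statement ready\n\nbody\n"
)

def domain_of(value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(domain, from_domain):
    """True when domain equals the From domain or is a subdomain of it."""
    return domain == from_domain or domain.endswith("." + from_domain)

def header_mismatches(raw):
    """List the Return-Path/Reply-To headers whose domain disagrees with From."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg["From"])
    if not from_domain:
        return ["From header has no parsable address"]
    findings = []
    for name in ("Return-Path", "Reply-To"):
        domain = domain_of(msg[name])  # a missing header yields ''
        if domain and not aligned(domain, from_domain):
            findings.append(f"{name} domain {domain} != From domain {from_domain}")
    return findings

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("aligned", ALIGNED)):
        print(label, header_mismatches(raw))
```

A mismatch is a signal for closer inspection rather than proof of forgery, since mailing lists and mail service providers legitimately use different bounce domains.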


2. Caller ID Spoofing

Caller ID spoofing is a technique that causes the telephone network to indicate to the receiver of a call that the originator is a station other than the true originating station. For example, the caller ID display might show a mobile or phone number different from that of the telephone from which the call is placed. The malicious user often also uses social engineering, posing as someone from customer support or a bank, to convince targets over the phone and ask for confidential data such as an ATM PIN, card number, user ID or password.

3. Website Spoofing

Website spoofing is a technique in which a malicious user sets up a fake copy of an existing website, such as Facebook or Gmail, in order to obtain confidential data such as usernames and passwords. In other words, the malicious user creates a fraudulent website that masquerades as a legitimate site. The spoofed website looks exactly like the legitimate one, and in some cases the attacker uses a similar URL in order to defraud the target user.


4. ARP (Address Resolution Protocol) Spoofing

ARP is a protocol that resolves IP addresses to MAC (Media Access Control) addresses for transmitting data. In ARP spoofing, a malicious user links the attacker's MAC address with a legitimate IP address on the network so that the malicious user receives all network traffic associated with that IP address. This technique is mainly used for stealing and modifying data, and it can also lead to DoS (Denial of Service), session hijacking and man-in-the-middle (MITM) attacks.



Figure 1: Working of ARP Spoofing


5. IP (Internet Protocol) Spoofing

In an IP spoofing attack, a malicious user sends IP packets from a false source address in order to disguise their origin. For example, a DoS (Denial of Service) attack uses IP spoofing to overload a network device with a huge number of packets that appear to come from legitimate source IP addresses.


6. DNS (Domain Name System) Server Spoofing

The main function of a Domain Name System server is to resolve the domain names in email addresses and URLs to their corresponding IP addresses. In a DNS spoofing attack, the malicious user diverts traffic to a different IP address, which takes the target user to a malicious site in order to spread viruses and malware to the user's system. For example, if a malicious user spoofs real DNS records, the malicious user can redirect all user traffic intended for those records to a malicious website that the malicious user created.


Protection Against Spoofing Attacks

Various techniques and tools are available to reduce the threat of spoofing attacks. Some common steps a user can take to mitigate spoofing attacks are discussed below:

* Using Anti-Spoofing Software

Various software programs available on the Internet can help detect spoofing attacks. These programs work by inspecting and certifying data before it is transmitted over the network, and data that appears to be spoofed is automatically blocked by the anti-spoofing software.


* Packet Filtering

The main role of a packet filter is to inspect the packets transmitted across a network. Packet filtering is very useful in preventing IP address spoofing because filters can block packets with conflicting source addresses, such as packets that arrive from the outside network but carry source addresses from inside the network.
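The conflicting-source check described above can be written as a small rule set. The following Python sketch is an added example, not part of the original article. It goes one step beyond the text by also dropping outbound packets whose source is not an inside address, which is the same check applied in the other direction. The interface names `wan` and `lan`, the internal prefixes and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Assumed internal prefixes for a hypothetical site.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]

# Constructed sample packets: (arrival interface, source address).
SAMPLE_PACKETS = [
    ("wan", "203.0.113.9"),   # outside host, outside source
    ("wan", "10.20.4.7"),     # arrives from outside, claims an inside source
    ("lan", "10.20.4.7"),     # inside host, inside source
    ("lan", "198.51.100.3"),  # inside host sending with a foreign source
    ("wan", "127.0.0.1"),     # loopback is never valid on the wire
]

def is_internal(addr):
    """True when the address falls inside one of the site's own prefixes."""
    return any(addr in net for net in INTERNAL_NETS)

def verdict(iface, src):
    """Decide accept/drop from the arrival interface and the source address."""
    addr = ipaddress.ip_address(src)
    if addr.is_loopback or addr.is_multicast or addr.is_unspecified:
        return "drop: source can never be a valid sender"
    if iface == "wan" and is_internal(addr):
        return "drop: internal source arriving from outside"
    if iface == "lan" and not is_internal(addr):
        return "drop: foreign source leaving the inside"
    return "accept"

def filter_packets(packets):
    """Return (iface, src, verdict) for every packet in the list."""
    return [(iface, src, verdict(iface, src)) for iface, src in packets]

if __name__ == "__main__":
    for row in filter_packets(SAMPLE_PACKETS):
        print(*row, sep="\t")
```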


* Encrypting data over the network

Encrypting data before it is sent over the network also helps prevent spoofing attacks. TLS (Transport Layer Security), SSH (Secure Shell), SSL and various other secure communication protocols can be used to mitigate spoofing attacks. The main function of these protocols is to encrypt the data so that a malicious user cannot access confidential data. For example:

SSL certificates on a website are an essential component of the encryption process and make transactions over the internet more secure. They are digitally signed certificates that provide authentication in order to protect the integrity and confidentiality of data exchanged between the website and the user's web browser.


Figure 2: Working of SSL