Personal data is to hackers what a diamond necklace is to a jewellery thief – a valuable asset that they will try to steal by any means possible. Hackers have no qualms about using various deception techniques such as identity spoofing, in which cybercriminals disguise their true identity and masquerade as a regular contact of their victim. Once hackers gain their targets' trust and induce them to reply to an e-mail or click on a link, the attack can begin. What happens next? The hacker uses malware to infiltrate and access the victim’s personal data. Attackers can then do everything from accessing bank accounts to placing fraudulent orders in online shops all the way to attempted extortion using encrypted data – it’s the perfect crime. To help protect you and your company from these risks, we are supporting European Data Privacy Day on 28 January by sharing information about the methods of attack used in identity spoofing and how you can protect yourself and your digital identity from these malicious schemes.
Insidious and well thought out
The term “spoofing” means to cheat, falsify and mislead. It’s a general term used to describe the act of disguising a communication or identity to enable fraudulent actions. Spoofing specifically refers to the various methods that spoofers employ to conceal their identity, simulate another identity and masquerade as a contact who is known to the victim. The objective is to trick the victim into taking a leap of faith and unwittingly sharing private data or performing an action for the spoofer.
Identity spoofing depends on the hacker’s ability to pretend to be somebody else. As a result, cybercriminals can take their time and plan their attacks in meticulous detail. They use fake business and email addresses and employ familiar communication styles because their individual targets will only disclose sensitive data if their trust can be won over.
When trust is exploited
In most cases, the danger of identity spoofing is only apparent in hindsight. Once the victims have been manipulated to share confidential information with their alleged contacts, there’s no limit to the potential consequences. Spoofing can be used for entirely different purposes above and beyond the simple theft of confidential company data or login information for future attacks, which could be considered at the milder end of the spectrum. These range from spreading malware containing malicious links to financial fraud and stolen digital identities and extend all the way to ransomware and denial-of-service (DoS) attacks. And the potential consequences? The costs of restoring data security and the legal consequences can be considerable, not to mention the negative impact on a company’s reputation.
Spoofing and phishing: are they not the same thing?
The similarity between spoofing and phishing comes from their common objective. Both methods involve using another person’s trusted identity to make contact with a known source and steal personal data. However, since the general term spoofing covers a large number of different techniques, not every spoofing attack can be classified as a phishing attack. Spoofing at DNS or IP address level requires the use of technical resources to fool a computer or a network. This is not the case with traditional phishing, which is done through fake emails with which the victim is lured, put under pressure or motivated to take a particular action. This makes email spoofing very similar to phishing, which is why both methods are often used together. In such a case, a hacker uses a fake identity to create the impression of a legitimate and credible email, which significantly improves the chances of a successful phishing attempt.
The diversity of spoofing
Despite the many different forms of identity spoofing, they are all based on one common aim: hackers attempt to disguise themselves with someone else’s digital identity. After all, the more personalised the communication with the victim is, the greater the chances that one will believe the content and go along with the spoofing attack. We provide an overview of the most frequently used methods:
- When employing email spoofing, hackers send emails from fake sender addresses that, at first sight, appear familiar and trustworthy to the individual targeted. Examples include a message from one’s bank, insurance provider or from a senior executive in a work setting. This particular approach is popular among spoofers due to its ease of use.
- On the other hand, website spoofing is slightly more complicated and is usually combined with a phishing attack. The hacker creates a fake version of an existing website whose appearance and functions are deceptively similar to the genuine website and appear familiar to the victim. A phishing email is then sent to the victim requesting them to click on a link, directing them to the fake website. Once the user attempts to log in on the fake website, the login data used for authentication is stored and sent to the hacker for use in subsequent fraud attempts.
- IP spoofing is performed at a lower level of the Internet where hackers change or disguise the IP address of their device and send IP packets to multiple network recipients. Their goal in doing so is to conceal their original identity and trick the networks into granting them access. IP spoofing is usually done as part of a DDoS attack, in which the hacker sends very high volumes of incoming data traffic to overwhelm an individual IP address, causing a fault in the network. The hacker can even make the data traffic appear to originate from multiple sources. This makes it even more difficult to repel such an attack.
- DNS spoofing is also commonly referred to as DNS cache poisoning. The starting point in each case is the web address that a user types into the browser. Typically, the Domain Name System will proceed to locate the IP address that matches the domain name that was typed in and direct the user accordingly. However, hackers are able to use DNS spoofing to insert corrupted DNS data into the DNS cache. Consequently, users are no longer directed to the website they originally requested but are diverted to the IP address defined by the hacker. There, they will usually be confronted with harmful software or forms that are used to harvest the sensitive data of victims unnoticed.
How you can protect yourself
Generally speaking, you cannot prevent hackers from disguising themselves as known contacts or hiding IP addresses in an attempt to extract confidential data from you. However, you can respond to identity spoofing in a preventive manner and make your browsing habits safer by taking prudent steps:
- Use anti-virus software, spam filters and network filters
- Only enter confidential information such as passwords and credit card information in secure forms on encrypted websites that use HTTPS
- Use two-factor authentication when logging onto websites
- Change your password regularly
- Maintain a healthy degree of mistrust with regard to the sender of an email
- Check for spelling and grammatical errors in the sender’s address and the URLs
- Only open a link or an email attachment after you have checked who the sender is
- Do not allow yourself to be pressured by threatening messages, and always check the parameters mentioned as you would normally do before taking any action
- If you receive a suspicious email, contact the sender by telephone or smartphone to verify that the email is genuine.
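The sender-address and URL checks from the list above can also be automated. The following Python sketch is an added example, not part of the original article: it flags near-identical spellings of a trusted domain, a mismatched Reply-To address and unencrypted links. The allow-list, the function names and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse
TRUSTED = {"examplebank.com", "example-insurance.com"}  # constructed allow-list

def edit_distance(a, b):
    """Levenshtein distance; small values reveal near-identical spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def imitates(host):
    """Return the trusted domain that an untrusted host imitates, else None."""
    host = host.lower().rstrip(".")
    if any(host == g or host.endswith("." + g) for g in TRUSTED):
        return None  # the genuine domain or one of its subdomains
    base = ".".join(host.split(".")[-2:])  # naive: ignores suffixes like co.uk
    for g in sorted(TRUSTED):
        if g in host or edit_distance(base, g) <= 2:
            return g
    return None

def check_message(raw):
    """List warning signs in a single-part, plain-text message."""
    msg, findings = message_from_string(raw), []
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if (g := imitates(from_dom)):
        findings.append(f"sender domain {from_dom} imitates {g}")
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and reply.rpartition("@")[2].lower() != from_dom:
        findings.append("Reply-To domain differs from From domain")
    body = "" if msg.is_multipart() else msg.get_payload()
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        if url.startswith("http://"):
            findings.append(f"unencrypted link to {host}")
        if (g := imitates(host)):
            findings.append(f"link host {host} imitates {g}")
    return findings

# Constructed sample message, not a real e-mail.
SAMPLE = ('From: "Example Bank" <service@examp1ebank.com>\n'
          'Reply-To: claims@mail-collector.example\n\n'
          'Log in at http://examplebank.com.login-check.example/verify today.\n')
if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

A clean result only means that none of these particular signs were present; it does not prove the message is genuine, so verifying by telephone still applies.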