But what if someone you trust urged you via e-mail to download a seemingly important file – would you do that?
It’s no secret that criminals often hide their true identity in order to trick people into falling for their scams. And it’s so easy to pose as someone else on the internet, especially since the people you’re talking to can’t really see you. Impersonating someone else in order to trick potential victims into taking actions they wouldn’t normally take is one of the most common tactics cybercriminals use to make their internet security scams successful. Not only can cybercrooks successfully pass as someone else, but they can also design programs and websites to look like legitimate ones. In either case, we’re talking about spoofing – the art of online masquerading, as most internet security experts call it.
Spoofing versus phishing
A common misconception about spoofing is that it’s the same thing as phishing. In fact, they’re two different internet security threats, though strongly tied to one another. Phishing is basically tricking someone into giving up sensitive information – usually social and bank account credentials and credit card details. Spoofing, on the other hand, refers to how cybercrooks actually trick their target – by posing as a well-known, trustworthy entity. So, more often than not, phishers rely on spoofing in order for their phishing scams to be successful.
For example, you receive an e-mail from your bank telling you your account has been suspended for whatever reason, and in order to reactivate it, you have to hand over your credit card details. This, clearly, is a phishing attempt – your bank would never send you such e-mails! And the fact that the e-mail seems to come from your bank, when in fact it doesn’t – that’s spoofing.
The most common forms of spoofing
Spoofing is one of the oldest tricks in the book – cybercriminals’ book, that is – but also one of the most effective in breaching web users’ internet security. Over the years it has taken on various forms, depending on technological advancements and trends in web users’ activity. Here are the forms of spoofing you’re most likely to come across on the web:
- E-mail spoofing. The example provided above is actually a form of e-mail spoofing. The sender address and the signature are made up to appear as though the e-mail was sent by a certain person or company. To make their e-mails look authentic and credible, cybercrooks have spoofed e-mail sender sections by listing names of renowned banks and websites like eBay, Amazon and PayPal, and continue to do so.
- URL spoofing. In some internet security scams, cybercrooks reproduce legitimate webpages and send the legit-looking web address (URL) in fake e-mails to web users or place it on other sites. When a user clicks on it, they’re redirected to the malicious site. Cybercrooks can also create malware that exploits web browser vulnerabilities; if a user unknowingly downloads it onto their PC, it can manipulate their browser to show, for example, a fake bank account login page whenever they browse for the real thing. In this particular case, the user is faced with a man-in-the-browser attack.
- Spoofing files on file-sharing platforms. Not all files you find on popular file-sharing platforms are legitimate. Some of them may look like the real thing, with the same name/title/author, but in fact they may be fake and contain some kind of malware.
- IP spoofing. Hackers can gain unauthorized access to computer networks by making the IP address of their computer look like that of a trusted machine. This way they can perform network attacks and make them appear to come from another entity.
- Wi-Fi spoofing. Some Wi-Fi hotspots can look like they’re owned by reputable companies, but in fact, they’re set up by cybercrooks who want to steal data received or sent by users.
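A defender's check for the e-mail and URL spoofing signs described in the list above, as an added example that is not part of the original article. It flags a brand name in the sender's display name that does not match the sender's domain, failed SPF/DKIM/DMARC results recorded by the receiving mail server, and links whose visible text names one site while the link goes to another. The brand list, the function names and the sample message are assumptions constructed for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_BRANDS = {"paypal": "paypal.com", "ebay": "ebay.com"}  # assumed brand-to-domain map

def _host(url):
    host = urlparse(url if "://" in url else "http://" + url).hostname or ""
    return re.sub(r"^www\.", "", host.lower())

class _Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def spoofing_indicators(raw):  # returns a list of warning signs for one raw e-mail
    msg, found = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    dom = addr.rpartition("@")[2].lower()
    for brand, real in KNOWN_BRANDS.items():  # display name vs. real sender domain
        if brand in name.lower() and dom != real and not dom.endswith("." + real):
            found.append(f"display name says {brand}, address is @{dom}")
    auth = msg.get("Authentication-Results", "").lower()
    for mech, res in re.findall(r"\b(spf|dkim|dmarc)=(fail|softfail)\b", auth):
        found.append(f"{mech}={res}")  # receiving server could not verify the sender
    links = _Links()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode(errors="replace"))
    for href, text in links.links:  # visible text names one site, href goes to another
        looks_like_url = re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I)
        if looks_like_url and _host(text) != _host(href):
            found.append(f"link text {text} points to {_host(href)}")
    return found

SAMPLE = ('From: "PayPal Support" <service@paypa1-secure.example>\n'
          'Authentication-Results: mx.example.org; spf=fail; dmarc=fail\nContent-Type: text/html\n\n'
          '<a href="http://login.paypa1-secure.example/verify">www.paypal.com</a>\n')  # constructed sample
```

Each finding is a warning sign rather than proof: a message that triggers none of them can still be a scam, so the advice below about not following e-mailed links still applies.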
Protect yourself from spoofers!
Here’s a bunch of solid internet security tips to protect yourself and your device from the threats listed above:
- Be suspicious of every e-mail that asks you to hand over personal information, whether the sender is a close relative or a trustworthy institution. Remember: your bank would never ask you for your credit card details via e-mail; Facebook would never ask for your account credentials this way either. If you receive an e-mail from them linking to their site, don’t click on the link provided. Instead, open the respective site in a new window, just to avoid accessing a fake one.
- Beware of phishing attacks. Keep yourself informed about new phishing methods and, for extra protection, install an internet security suite that comes with Antiphishing and Safe Browsing to warn you against malicious websites. BullGuard’s internet security suite comes with such features.
- Don’t be too trusting when it comes to the security of file-sharing platforms. It’s best to have your own security in place, i.e. effective antivirus protection like the one offered by BullGuard Internet Security 12. Its antivirus engine protects your computer even from the newest forms of malware.
- Make sure you have a solid firewall installed on your PC, to counter any network attacks from hackers.
- Be careful with public Wi-Fi hotspots. It’s best not to bank or shop online while connected to a hotspot, as you never know what prying eyes might be “watching” your transaction and stealing your financial details.