Spoofing and its Types

1
Spoofing and its Types
2
Table of Contents

• Spoofing
• Uses of Spoofing
• Aftermath of Spoofing
• Types of Spoofing (Email Spoofing)
• Types of Spoofing (Website Spoofing)
• Types of Spoofing (Caller ID Spoofing)

• Types of Spoofing (IP Spoofing)
• Types of Spoofing (ARP Spoofing)
• Types of Spoofing (DNS Server Spoofing)
• Safety from Spoofing Attacks (The Dos)
• Safety from Spoofing Attacks (The Donts)

3
Spoofing

• Spoofing helps to disguise communication that is
  from an unknown source and makes it appear to
  have originated from a source that is known and
  trustworthy. Spoofing can be used through emails,
  websites, phone calls, IP addresses, Domain Name
  System (DNS) server etc.

4
Uses of Spoofing

• There are many ways in which spoofing is used
  which are mentioned below, in no particular
  order..
• For gaining access to the personal information of
  a target
• For spreading malware with the aid of links and
  attachments that are meant for this purpose
• For bypassing network access controls
• For redistributing traffic to carry out a
  denial-of-service attack
• For executing cyber-attacks (man-in-the-middle
  attack, advanced persistent threat etc.)

5
Aftermath of Spoofing

• Successful spoofing attacks on enterprises can
  result in the following-
• Data breaches
• Infected computer systems as well as networks
• Loss of revenue
• Loss of reputation of the organization that is
  the victim of such an attack
• Networks can be overwhelmed when spoofing
  reroutes Internet traffic
• Users can be led to malicious sites that steal
  information or install malware

6
1-800-123 -8156

• Whoa! Thats a big number, arent you
  proud?

7
Linked Node

• There are many types of spoofing, which shall be
  touched upon in the content that is provided
  here. One of these is email spoofing, which is
  the first one to be discussed. In it an email
  message is used by the attacker to trick a
  recipient and make him/her believe that the email
  was sent by a source that is known and trusted.
• Such emails might contain malicious websites
  links or malware infused attachments. Email
  spoofing attacks are aimed at stealing the
  targets information, infecting the target device
  with malware or blackmailing the target for
  money.
• It is easy to spoof the information of the email
  sender. It can be done in one of the following
  ways-
• By mimicking a trusted email address or domain.
  This is achieved by making use of alternate
  letters or numbers that are marginally different
  from the original ones.
• By disguising the From field in a way that it
  appears as the exact email address that belongs
  to a known and trusted source.

8
Types of Spoofing (Website Spoofing)

• In website spoofing, a website is designed in a
  way that it mimics an existing site that is known
  and trusted by the target of this attack. This is
  also called URL spoofing and ensures that a
  malicious website appears to be genuine and
  licit. Website spoofing helps attackers to have
  access to login as well as other personal
  information of the target. It also helps
  attackers to infect the targets system with
  malware.
• In the context of websites, it is imperative to
  impart some information on how websites are made
  accessible. This is through web hosting which
  provides the necessary server space and
  technologies that are needed to store and deliver
  the files of a website. Certain terms that are
  used for the most reliable web hosting companies
  are, the Best Windows Hosting Company or the
  Top Cloud Hosting Company or even the Best Web
  Hosting Company in India.

9
Types of Spoofing (Caller ID Spoofing)

• Caller ID spoofing enables attackers to make it
  seem that their phone calls are originating from
  a specific number. This specific number is either
  a number that is known as well as trusted by the
  recipient of the call or it belongs to a specific
  location. Attackers often use social engineering
  in such attacks.

10
Types of Spoofing (IP Spoofing)

• In IP Spoofing, attackers disguise the IP address
  of a computer. It helps to hide the identity of
  the sender. Another computer system can also be
  impersonated by it. It serves the purpose of
  gaining access to networks that use IP addresses
  to authenticate users. IP spoofing is often used
  in DDoS (Distributed Denial-of-Service) attacks.
  The attacker sends packets to numerous network
  recipients. When a response is transmitted by the
  recipient of the packet, the recipient will be
  routed to the spoofed IP address of the target.

11
Types of Spoofing (ARP Spoofing)

• ARP (Address Resolution Protocol) refers to that
  protocol which resolves IP addresses to MAC
  (Media Access Control) addresses for the purpose
  of transmitting data. ARP spoofing links MAC of
  an attacker to a licit IP address. This enables
  the attacker to have access to the data that is
  meant for the owner who is associated with that
  particular IP address. Its most common usage is
  theft as well as modification of data. It can be
  used for the purpose of session hijacking and to
  carry out denial-of-service as well as
  man-in-the-middle attacks.

12
Types of Spoofing (DNS Server Spoofing)

• Domain Name System (DNS) servers are meant to
  resolve URLs and email addresses to corresponding
  IP addresses. With the aid of DNS spoofing
  attackers can divert traffic to a different IP
  address. This leads victims to potentially
  dangerous sites that can spread malware.

13
Safety from Spoofing Attacks (The Dos)

• The easiest and the most effective way to ensure
  protection against spoofing attacks is to remain
  informed about it and be proactive. One must look
  for the signs of spoofing in emails as well as in
  the other prime targets of spoofing that have
  been mentioned previously, such as, IP, caller ID
  etc. When trying to ascertain if a communication
  is licit or not, one must stay alert and notice
  incorrect or inconsistent grammar, poor spelling
  as well as sentence structure that is unusual.
  All of these can indicate a spoofing attempt.
• One must examine the email senders address as
  well. Email addresses can be spoofed by making
  minor changes in either the local-part or domain
  name. The URL of a webpage needs to be examined
  thoroughly to detect spoofing, as often the
  spelling can be altered marginally here, in order
  to trick those visitors who dont pay attention
  to it.

14
Safety from Spoofing Attacks (The Donts)

• To ensure protection against spoofing attacks,
  one must not click on any link that seems
  unfamiliar or download unfamiliar and/or
  suspicious attachments. When such content is
  received in ones email, one should send a reply
  mail to seek confirmation. When an email address
  has been spoofed perfectly, this reply mail will
  get delivered to the person whose email address
  it is and not to the attacker who initiated the
  spoofing attack.
• One must not divulge information to callers
  requesting for it without being sure of their
  authenticity. Try to ascertain, by searching on
  the Internet, if the phone number is associated
  with scams. Even if the number looks genuine, one
  must call the number oneself rather than
  answering it, as a protective measure. This is to
  ensure protection against caller ID spoofing.

15
Thanks!

• ANY QUESTIONS?

• www.htshosting.org
• www.htshosting.org/best-web-hosting-company-India
• www.htshosting.org/best-windows-hosting
• www.htshosting.org/best-cloud-hosting-company