With caller ID spoofing, attackers can make it appear as if their phone calls are coming from a specific number: either one that is known and/or trusted by the recipient, or one that indicates a specific geographic location.
Attackers can then use social engineering, often posing as someone from a bank or customer support, to convince their targets to provide sensitive information over the phone, such as passwords, account information, social security numbers, and more.
The Address Resolution Protocol (ARP) is a protocol used to translate IP addresses into Media Access Control (MAC) addresses so that data can be properly transmitted. In short, the protocol maps an IP address to a physical machine address.
ARP spoofing is used to link an attacker’s MAC address to a legitimate network IP address so the attacker can receive data meant for the owner associated with that IP address.
ARP spoofing is commonly used to steal or modify data but can also be used in denial-of-service and man-in-the-middle attacks or in session hijacking.
The Domain Name System (DNS) is responsible for associating domain names with the correct IP addresses. When a user types in a domain name, DNS maps that name to an IP address, allowing the visitor to connect to the correct server.
For a DNS spoofing attack to be successful, a malicious attacker reroutes the DNS translation so that it points to a different server, which is typically infected with malware and can be used to help spread viruses and worms.
The DNS server spoofing attack is also sometimes referred to as DNS cache poisoning, due to the lasting effect when a server caches the malicious DNS responses and serves them up each time the same request is sent to that server.
The most commonly-used spoofing attack is the IP spoofing attack. This type of spoofing attack is successful when a malicious attacker copies a legitimate IP address in order to send out IP packets using a trusted IP address.
Attackers may use IP (Internet Protocol) spoofing to disguise a computer's IP address, thereby hiding the identity of the sender or impersonating another computer system. One purpose of IP address spoofing is to gain access to networks that authenticate users based on IP addresses. The most popular type of IP spoofing attack is a Denial of Service attack, or DoS.
One outcome attackers can achieve using IP spoofing attacks is the ability to perform DoS attacks, using multiple compromised computers to send out spoofed IP packets of data to a specific server. If too many data packets reach the server, the server will be unable to handle all of the requests, causing the server to overload.
Website spoofing refers to when a website is designed to mimic an existing site known and trusted by the user. Attackers use these sites to gain login and other personal information from users.
Email spoofing occurs when an attacker uses an email message to trick a recipient into thinking it came from a known or trusted source.
Sender information is easy to spoof, and this can be done in one of two ways:
Mimicking a trusted email address or domain by using alternate letters or numbers to appear only slightly different than the original
Disguising the From field to be the exact email address of a known or trusted source
The primary way to protect against spoofing is to be vigilant for the signs of a spoof, whether by email, web, or phone.
Always look out for the following mistakes:
Poor spelling
Incorrect/inconsistent grammar
Unusual sentence structure or turns of phrase
These errors are often indicators that the communications are not from who they claim to be.
The sender's email address:
Sometimes addresses will be spoofed by changing one or two letters in either the local-part (before the @ symbol) or the domain name itself. For example, the letter l can be replaced by 1 (one), or o can be replaced by 0 (zero).
The URL of a webpage:
Similar to email addresses, the spelling of an authentic website's URL can be slightly changed to trick a visitor who is not looking closely.
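The checks on sender addresses and URLs can be automated for a mail gateway or link scanner. This is an added example, not code from the original article: it folds the swaps mentioned above (1 for l, 0 for o) and flags any domain within one letter of a trusted one. The TRUSTED allow-list, the sample values and the "rn" for "m" swap are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Swaps the text describes (l -> 1, o -> 0); "rn" for "m" is an added assumption.
CONFUSABLES = {"0": "o", "1": "l", "rn": "m"}
TRUSTED = {"goodbank.example", "billing.example"}  # hypothetical allow-list

def host_of(value):
    """Return the host part of an email address or URL, lower-cased."""
    # urlsplit().hostname drops any "user@" prefix placed in front of the real host.
    host = (urlsplit(value).hostname or "") if "://" in value else value.rsplit("@", 1)[-1]
    return host.lower().rstrip(".")

def skeleton(name):
    """Fold look-alike characters so 'g00d' and 'good' compare equal."""
    for fake, real in CONFUSABLES.items():
        name = name.replace(fake, real)
    return name

def edit_distance(a, b):
    """Levenshtein distance; 1 means a single changed, added or dropped letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(value):
    """Return (verdict, trusted domain it matches or resembles, or None)."""
    host = host_of(value)
    for good in sorted(TRUSTED):
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    for good in sorted(TRUSTED):
        if edit_distance(skeleton(host), skeleton(good)) <= 1:
            return ("lookalike", good)
    return ("unknown", None)

# Constructed sample senders and links.
SAMPLES = [
    "support@goodbank.example", "support@g00dbank.example",
    "https://bi11ing.example/login", "https://goodbnk.example/",
    "https://goodbank.example@weather.example/", "news@weather.example",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, classify(sample))
```

A "trusted" verdict only says the domain is spelled correctly; an exactly forged From field still passes this check.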
Never make the following mistakes:
Don’t click on unfamiliar links or download unfamiliar or unexpected attachments.
If you receive this in your email, send a reply to ask for confirmation. If an email address is spoofed exactly, the reply will go to the actual person with the email address, not the person spoofing it.
Don’t take phone calls at face value; be wary of the information the caller is requesting.
Google the phone number presented on the caller ID to see if it’s associated with scams. Even if the number looks legitimate, hang up and call the number yourself, as caller ID numbers can be spoofed.
"Being aware of different spoofing methods and their signs can help you avoid being a victim."
Mittal Kapdiya
Mittal Kapadiya has strong skills and experience in Android and web application development. She has an excellent grasp of Python and various operating systems (Linux, Ubuntu & Windows). She is keen on ethical hacking and system security and has good knowledge of both. She is currently pursuing a Masters in Cyber Security and is an active blogger at CYBER4ALL.