Spoofing: what is it?

Spoofing what is it

Cyber ​​attacks have been on the rise in recent years. Spoofing is difficult to detect and particularly formidable for individuals and businesses. An obscure term which may seem barbaric to the uninformed, spoofing must be popularized in order to be better understood.

In English, “spoofing” means “theft”, understood as “electronic identity theft”. This consists of pretending to be someone else in order to send computer viruses or spam.

This is how web users sometimes receive in their email emails from someone they know, carrying computer viruses, even though they are not necessarily infected. Corn the definition of spoofing is not so succinct …

How to define spoofing?

Identity theft on the Internet consists of obtaining confidential personal or banking information. This fraud technique includes a whole range of methods built on the ability of a hacker to impersonate another person or company, known to his target. Thus, it is not rare to have to deal with usurpers replacing an allegedly “reliable” entity such as EDF, La Poste or banks to send fraudulent information. Their goal is to deceive the vigilance of their target, who, confident, will not think of verifying the email address of the sender. This tactic is called “brand spoofing”, which is the impersonation of large companies.

Spoofing can have other purposes than identity theft to access sensitive data. Hackers can distribute malware through email attachments or links, to bypass network access systems, but also to prepare the ground for further attacks.

Some examples of spoofing

Spoofing is an act carried out on a large scale automatically using robots software, but we must not forget that human (s) are hiding behind! Email addresses are collected on the Web or elsewhere, for example in the address books of victims infected with viruses. There are several kinds of spoofing such as:

1- Spoofing by email address spoofing

This type of spoofing consists of slightly modifying an email address so that the recipient thinks it is reliable. It will therefore resemble that of the person or company for whom the web pirate is impersonating and will deceive the target.

2- Spoofing by alias usurpation and fraud against the president

By using this practice, the hacker uses the name (and not the email address) of a person known to the recipient and occupying a position of responsibility in a company. She will ask him to make an immediate transfer. Faced with the urgency of the situation, the recipient often does not have the presence of mind to verify the sender’s email address and is tricked.

3- IP spoofing or IP spoofing

Each device connected to the Internet has an IP address. When it sends information over the net, it does so in packets, each “tagged” with the same IP address. In the case of a cyberattack of this type, the hacker spoofs an IP address from which he sends IP packets to several recipients on the network. When they respond, they are conveyed to the fraudulent IP address. The attacker knows that he is hiding his IP address, has little chance of being identified, and can easily access applications or services on the network. IP spoofing is used in particular in the case of DDoS attacks.

Protect yourself from spoofing

If for a company take cybersecurity training is certainly the best alternative to better understand spoofing and avoid cyber attacks, individuals can implement a few tips.

Checking email addresses upon receipt of a suspicious message should become almost automatic, as should checking the URL of a web page.

Properly analyzing the content of the email also helps to avoid spoofing. Indeed, the accumulation of misspellings and syntax, especially for an email from an entity deemed reliable, can alert the recipient. It is also advisable to avoid clicking on a link or opening an attachment in a suspicious email.

Obviously, it is essential not to respond to emails that ask for personal information or to put money into an account. The installation of an anti-virus on a computer is, moreover, a solution to prevent hackers from taking control of a machine.

You will also be interested

Interested in what you just read?

.

fs2