Cyber Spoofing Tactics, Techniques and Procedures
Written by Roderick Lia
The term ‘spoofing’ or ‘spoofed’ has recently been mentioned and used quite often within the local domain. Over the years, different strata of Maltese society have been targeted, among them high-profile figures such as Prime Ministers, Leaders and Presidents, as well as entities and non-governmental organizations.
It is therefore of utmost importance to understand what spoofing is, the motivation that impostors might have, the different forms of spoofing and how one can notice digitally spoofed content.
A spoofing attack within the cyber security domain is when an impostor pretends to be someone or something else to gain a person’s trust. Spoofing typically consists of two main elements. There is the spoof itself, which could be a faked website or email, and the social engineering aspect that leads the victim to act on a specific request made by the impostor. An example that everyone might relate to is the email that appears to come from a trusted and known senior employee requesting a payment or settlement of outstanding bills. Impostors use techniques like these to manipulate and encourage victims to carry out the desired action without raising alarm or suspicion. Such activity can involve different levels of technical complexity. It also relies on a set of social engineering techniques and psychological manipulation that could potentially instil a sense of fear and cause reputational damage as well as destabilization.
Spoofing attacks can be noticeable or unnoticeable to victims. Irrespective of this, a spoofing attack can have serious implications. Some of the known consequences are the theft of digital identities (known as credentials) and of personal or company information, involvement in sharing and spreading malware, unauthorized access to systems, and falling victim to ransomware attacks.
Different types of spoofing attacks exist. The most common ones are the emails mentioned above, websites, phone calls and text messages.
The Email spoofing attack can occur in two different formats. The first format is when a malicious actor forges the part of the email content known as the email headers and changes the display name of the email address. The second format involves using the victim’s actual email address and sending email through unauthorised services. Given that most users take this at face value, falling victim to such an attack is quite common. Spoofed emails are sent for reasons ranging from requests for money transfers to seeking permission to access a particular system. Spoofed emails might even contain attachments that, once opened, trigger the installation of malware such as viruses and Trojans that could potentially spread across the entire network.
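The two email formats described above leave different traces in the message headers. The following is an added example, not part of the original article, that checks for both. It assumes the receiving mail server records its SPF, DKIM and DMARC verdicts in an `Authentication-Results` header; the sample messages and the `example.com` / `example.net` domains are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); the domains are placeholders.
DISPLAY_NAME_SPOOF = """\
From: "Maria Vella <maria.vella@example.com>" <accounts@example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.net; dmarc=pass header.from=example.net
Subject: Outstanding invoice

Please settle the attached bill today.
"""

EXACT_ADDRESS_SPOOF = """\
From: Maria Vella <maria.vella@example.com>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com
Subject: Outstanding invoice

Please settle the attached bill today.
"""

def domain_of(address):
    """Lower-cased domain part of an email address."""
    return address.rpartition("@")[2].lower()

def spoof_indicators(raw_message):
    """Return header-level spoofing indicators found in one raw message."""
    msg = message_from_string(raw_message)
    findings = []
    display_name, from_addr = parseaddr(msg.get("From", ""))

    # Format 1: the display name shows a trusted address, but the
    # address the mail actually comes from belongs to another domain.
    embedded = re.search(r"[\w.+-]+@[\w.-]*\w", display_name)
    if embedded and domain_of(embedded.group(0)) != domain_of(from_addr):
        findings.append("display-name-address-mismatch")

    # Format 2: the From address is the genuine one, but the mail was sent
    # through an unauthorised service, so the receiver's checks failed.
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header.lower()):
            if result in ("fail", "softfail"):
                findings.append(f"{method}-{result}")
    return findings

if __name__ == "__main__":
    for label, raw in (("format 1", DISPLAY_NAME_SPOOF), ("format 2", EXACT_ADDRESS_SPOOF)):
        print(label, spoof_indicators(raw))
```

A message that passes all three checks and has a plain display name yields an empty list; mail clients that show only the display name hide exactly the mismatch the first check reports.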
The Website spoofing attack, also known as URL spoofing, occurs when a scammer builds a fraudulent website that resembles an authentic and already established site or brand. Spoofed websites usually display logos, branding and images stolen from the authentic site. In certain cases, an identical login page is also presented. Even though the spoofed URL appears to be correct at first glance, in reality an extra or a truncated character, such as a number or symbol, points to a different site; this method is known as Typosquatting. We have even seen instances where spoofed website URLs have been used in conjunction with email spoofing, so that the scammer uses email as the medium that leads victims to the fake website. Spoofed websites are among hackers’ favourites because they enable hackers to steal credentials as well as to drop malware and infect devices and computers.
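A link can be checked for the typosquatting pattern described above by comparing its hostname with a list of genuine domains. This added example, not part of the original article, generalises "an extra or a truncated character" to edit distance, which also covers one substituted character; the `KNOWN_DOMAINS` list and the sample URLs are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list of genuine domains that users are expected to visit.
KNOWN_DOMAINS = ("example.com", "example.org")

def edit_distance(a, b):
    """Levenshtein distance: inserted, deleted and substituted characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # character missing from b
                           cur[j - 1] + 1,             # extra character in b
                           prev[j - 1] + (ca != cb)))  # substituted character
        prev = cur
    return prev[-1]

def check_url(url, known=KNOWN_DOMAINS, max_distance=1):
    """Classify a URL as ('genuine' | 'lookalike' | 'unknown', matched domain)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    for domain in known:
        # Exact match, or a subdomain of a genuine domain.
        if host == domain or host.endswith("." + domain):
            return ("genuine", domain)
    for domain in known:
        # One character away from a genuine domain: likely typosquatting.
        if 0 < edit_distance(host, domain) <= max_distance:
            return ("lookalike", domain)
    return ("unknown", None)

if __name__ == "__main__":
    for url in ("https://www.example.com/login",   # genuine
                "https://examp1e.com/login",       # digit substituted for a letter
                "https://exxample.com/login",      # extra character
                "https://exampl.com/login"):       # truncated character
        print(url, check_url(url))
```

An "unknown" result only means the hostname is not close to anything on the list, so it is not a statement that the site is safe.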
The Phone call spoofing attack, also known as Caller ID spoofing, occurs when scammers intentionally forge the caller ID details to mask their identity. We all know that a local number is more likely to be picked up than a number which is not recognized. This type of spoofing uses VoIP (Voice over Internet Protocol), which allows scammers to create a phone number and caller ID of their choice. The main aim of such an attack is to obtain sensitive information, including credentials to systems, once the phone call is answered.
The Text message spoofing attack, also known as SMS spoofing, is when the sender of a text message crafts a message that misleads recipients with fake displayed sender information and thus pretends to be a legitimate business or a government department. The purpose of such messages is to deliver links that could offer malware downloads, spread fake news or obtain system credentials.
Although spoofing attacks are on the increase and becoming more complex, online safety protocols may help to minimize one’s exposure to a spoofing attack. The following Do’s and Don’ts can help in this regard:
Do not click on links or open attachments from unfamiliar sources.
Do not answer emails or calls from unrecognized senders.
Do not give out personal information online.
Where possible, set up two-factor authentication.
Use strong passwords.
Review your online privacy settings.
Keep your network and software up to date.
As a final remark, we advise that websites, emails or messages with poor spelling or grammar, or with any other features that look incorrect (such as logos, imagery, colour scheme and branding, or missing content), could be a sign of a spoofing attack. They should therefore be ignored or verified and, when necessary, reported to the respective authorities.