(904) 208-2195

Spoofing is Sneaky - Learn How to Avoid a Spoofing Attack

August 7th, 2019 by admin

'What is a spoofing attack, and how can I stop it?' with Computer Alert Graphic

Spoofing is a sneaky type of online fraud that tricks users and networks into believing that information is real when it’s actually fake. Typically, a cybercriminal will pose as a known, trusted person in your network (office typically) and they will try to get personal information, money, or help to access other information to create a larger fraud. These are the trickiest types of scams because they often catch you off-guard, come through your work email account, and can seem very real. In some scenarios, a successful spoofing attack can infect computer systems and networks, cause data breaches, lost revenue, denial-of-service attacks, and more. So be careful! Here are some tips to avoid a spoofing attack at your office.

The most highly targeted victims of spoofing attacks within SMBs are CEOs, Directors, CFOs, and finance directors or managers with access to corporate funds. Spoofing can also enable criminals to bypass network access controls, which can lead to more significant cyberattacks like an advanced persistent threat or a man-in-the-middle attack. And unfortunately, small and medium-sized businesses are the most targeted for these types of attacks, making up roughly 58% of all cybercrime victims, according to Verizon’s 2018 Data Breach Report.

Often a spoofing attack will come via email and may replicate a request to complete a task that seems believable like a request to buy something for a client or change a password. But there are ways to verify and avoid these types of attacks.

'1) Attacker injects fake DNS entry. 2) Client issues request to real website. 3) Request resolves to fake website.' Spoofing Infographic

Watch out for:

  • Email addresses coming from outside your network, verify the email address it is coming from is legitimate. Also, look for red flags such as an urgent request or someone seeking financial information or for you to purchase something like a gift card.

  • Address Resolution Protocol (ARP) spoofing – This type of attack occurs when a criminal sends falsified ARP messages over a local area network. The attacker’s end goal with an ARP attack is to connect their Media Access Control (MAC) address with the Internet Protocol (IP) address of someone employed at their targeted business. Once the criminal has access to the IP address, they have free rein to intercept data between the computer and the router. To detect an ARP spoof, open your command bar and enter arp-a. The result will be an ARP table for your device. Search the results to see if any IP addresses have the same MAC address. If more than one IP address matches a single MAC address, it may indicate there is an intruder in your network.

  • IP spoofing – This attack is implemented when a criminal sends a digital message through a manipulated source IP address to make it look like the message came from a trusted source. By impersonating the IP address, the attacker can initiate a denial-of-service and overwhelm a device by sending too many packets. When a denial-of-service attack occurs, a machine or network is completely shut down, creating a damaging amount of business downtime and lost productivity for an organization.

  • Domain Name System (DNS) spoofing – Criminals can modify a DNS server to reroute a specific domain name to a different IP address. The result of a DNS spoofing attack is usually the spread of viruses into networks which will hurt business continuity. Using a tool like DNS traceroute will allow you to see where the DNS request has been answered. If a request has been replied to from a suspicious location, it’s critical to continue to investigate.

According to cybersecurity company BitSight, 54.8 percent of U.S. companies have poor SPF (Sender Policy Framework), and 66.4 percent have poor DKIM (DomainKeys Identified Mail) practices. Without secure SPF, DKIM, and Domain Message Authentication Reporting and Conformance (DMARC) procedures, which block spoofing emails, the odds of a spoofing incident initiating within your organization via email increases significantly.

Additionally, organizations have to keep updated company cybersecurity policies to avoid confusion about how to handle these types of cyberattacks. You should also have a comprehensive backup and disaster recovery plan. Need help updating your company’s policies and spotting weaknesses? ICX is here to help!

Posted in: Security

Our Office

Request a Consultation – Contact Us