Spoofing FAQ
Spoofing is when someone sends a message in a way that makes it look like it was sent by a trusted party. This is usually done with the aim of either getting private information or having the recipient perform some action at the spoofer's request. A common example of spoofing is an email pretending to be from your bank, asking you to click a suspicious link in the email message.
Spoofing is commonly used to:
- Gain your personal or company information
- Obtain access to your account
- Spread malware using links and attachments
- Seek financial gain
Below are some of the ways that information can be spoofed.
Email Spoofing
This form of spoofing is when you receive an email from an unknown source, where the email appears to come from a known party.
There are three main ways that this can happen:
- The content comes from a domain that is similar to the domain it is spoofing. For example, domain.com can look similar to dornain.com (notice how m and r + n look similar, especially in a smaller font).
- The From address could be manually set to a trusted email address, making it look like the email came from a trusted person. This kind of spoofing is blocked by an SPF record.
- The Sender name could be set to 'John Smith', 'john@domain.com' or the name of a person you know. In most email clients the sender name will show up before the email address. The sender name can be changed by anyone at will, and has no bearing on the trustworthiness of an email.
These emails usually contain links to malicious content or sites, or they phish for sensitive information by pretending to be someone legitimate.
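The three cases above can be checked mechanically on the receiving side. The following is an added example, not part of the original FAQ: the trusted-domain list, the look-alike character table and the sample messages are constructed assumptions, and the authentication check assumes your own filter writes an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"domain.com"}  # assumption: domains you normally deal with
# Constructed, non-exhaustive table of character runs that render alike.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def skeleton(domain):
    """Collapse look-alike sequences so dornain.com compares equal to domain.com."""
    d = domain.lower()
    for seq, repl in CONFUSABLES:
        d = d.replace(seq, repl)
    return d

def check_sender(raw_message):
    """Return a list of warning codes for the From header of one message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []

    # Case 1: the domain only looks like a trusted one.
    if domain not in TRUSTED_DOMAINS and any(
            skeleton(domain) == skeleton(t) for t in TRUSTED_DOMAINS):
        findings.append("lookalike-domain")

    # Case 2: trusted From address, but the filter recorded no SPF/DKIM pass.
    # Only rely on an Authentication-Results header added by your own filter.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if domain in TRUSTED_DOMAINS and not re.search(r"\b(spf|dkim)=pass\b", auth):
        findings.append("trusted-domain-not-authenticated")

    # Case 3: the sender name displays an address that is not the real one.
    shown = re.search(r"[\w.+-]+@[\w.-]+", display)
    if shown and shown.group(0).lower() != addr:
        findings.append("display-name-address-mismatch")
    return findings

# Constructed sample messages (not real mail).
LOOKALIKE = 'From: "John Smith" <john@dornain.com>\n\nHi'
NAME_TRICK = 'From: "john@domain.com" <billing@example.net>\n\nHi'
FORGED = ('Authentication-Results: mx.example.org; spf=fail\n'
          'From: John Smith <john@domain.com>\n\nHi')
GENUINE = ('Authentication-Results: mx.example.org; spf=pass\n'
           'From: John Smith <john@domain.com>\n\nHi')

if __name__ == "__main__":
    for name in ("LOOKALIKE", "NAME_TRICK", "FORGED", "GENUINE"):
        print(name, check_sender(globals()[name]))
```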
Avoiding Email Spoofing
Before clicking any links in an email, always check the email address that sent you the email to be sure it's one you trust. If the email client you use only shows the person's name, confirm with your IT team how to check the actual email address.
Your email filter also performs its own SPF and DKIM checks to make sure that the email comes from the person it says it does. However, these checks rely on the email sender having correctly set up authentication records.
We have guides in our Knowledgebase on how to modify your email authentication records, which can prevent people spoofing using your email address. DKIM, SPF and DMARC are all DNS records which a spam filter will check when it receives your email. While DKIM and DMARC are very useful, SPF is now vital and your email almost certainly won't be received if you exclude it. Click here for a guide on setting up SPF, DKIM and DMARC records.
We also have guides on how to modify your spam filters and adjust your filter settings, if you find you are getting too much spam.
DNS Spoofing
Domain Name Servers provide the internet addresses that correspond to your domain names. This system tells people's devices where to obtain website resources or where to send emails. DNS Spoofing is a form of spoofing that provides false data to Domain Name Servers, potentially resulting in emails being delivered to a server that may not be controlled by its intended user, or in websites loading phishing content.
Avoiding DNS Spoofing
This is not an attack that is usually possible, due to safeguards that will already be in place at the DNS server end. However, it is good to be aware that it is theoretically possible. If you suspect DNS Spoofing, try viewing the site from different Wi-Fi connections, or wait several hours for any cache to expire and then try the site again.
Website Spoofing
This method of spoofing is when a website is designed to look like another well-known site. Such sites may have similar-looking login screens which record the details that people enter. This information will then be used with malicious intent.
Avoiding Website Spoofing
Before entering any details on a website, check the URL bar to be sure you're connected to the correct site. Also ensure that the site has a valid SSL Certificate, and click on the Padlock icon to ensure the certificate is issued to the correct company. Additionally, most spoofed websites are found by Google and marked as Dangerous. Do not enter your details on a site that is marked as such.
Finally, you will generally only get to a spoofed website by clicking a link that takes you directly there. If you are concerned that the website might be spoofed, simply close the window and search for the website manually through Google.
Caller ID Spoofing
This type of spoofing makes a call look like it is coming from a specific number which is known to the recipient, or masks the location of the call. This type of spoofing often (but not always) relies on the caller acting as an acquaintance or as someone from a company or government department. Callers are often after sensitive personal information or financial gain.
Avoiding Caller ID Spoofing
The simplest way to avoid Caller ID spoofing is to call the company directly. This is best done by terminating the call with the suspected spoofer, visiting their site, finding a contact number, and then calling them to confirm whether they were actually trying to reach out and get the requested details from you.
Protecting Yourself from Spoofing
The best way to prevent yourself from becoming a victim of spoofing is to be vigilant with any form of communication that you receive. Look for spelling mistakes, bad grammar and/or unusual use of phrases. Check the spelling of the email address that you have received. If it seems too good to be true, then it most likely is - before you open any link or download any files, contact the person or the company that you think you received the communication from directly.
In general terms, the best way to stop yourself being spammed is not to publicly advertise your email address or contact details on your website or elsewhere. If you do so, then spammers can easily add your details to a spam list. We'd recommend using a Contact form on your website instead, and making sure it is properly secured with a CAPTCHA.