– BY MARIYAM CHOWDHARY
A spoofing attack can be explained as a situation in which a person or a program impersonates another user or a device or a network by falsifying data, to gain illegitimate advantage or to launch attacks against the network host or to spread malware.
Types of a spoofing attack.
ARP SPOOFING – ARP stands for Address Resolution Protocol which is a communication mechanism that is used to map an IP address to a physical (MAC) address of a specific machine within a local area network. An ARP spoofing attack aims to link a cybercriminal’s MAC address with a dynamic Internet Protocol address of a target host.
DNS SPOOFING ATTACK – The Domain Name System (DNS) is responsible for associating names to the correct IP address. Cybercriminals may harness vulnerabilities in a DNS server to tamper with its cache and thus fraudulently impose invalid associations between domain names and IP addresses.
EMAIL SPOOFING – Cybercriminals use email spoofing attacks to trick you into visiting a phishing site that requests sensitive information or spreads viruses.
CALLER ID SPOOFING – Scammers may falsify the caller information shown on your phone’s display to mask the actual origin of the call.
IP SPOOFING – It is a malicious technique used by cybercriminals that relies on generating Internet Protocol (IP) packets with a fabricated source address.
GPS SPOOFING – A GPS spoofing attack attempts to deceive a GPS receiver by broadcasting fake GPS signals, structured to resemble a set of normal GPS signals, or by rebroadcasting genuine signals captured elsewhere or at a different time.
EXAMPLES OF SPOOFING ATTACK
In 2006, unknown hackers carried out a major DNS spoofing attack – the first of its kind – against three local banks in Florida. The attackers hacked the servers of the internet provider that hosted all three websites and rerouted traffic to fake login pages designed to harvest sensitive data from unsuspecting victims. This has allowed them to collect an undisclosed number of credit card numbers and PINs along with other personal information belonging to their owners.
-In June 2018, hackers carried out a two-day DDoS spoofing attack against the website of the American health insurance provider, Humana. During the incident that was said to have affected at least 500 people, the hackers have managed to steal complete medical records of Humana’s clients, including the details of their health claims, services received, and related expenses.
-In 2015, unidentified hackers have used DNS spoofing techniques to redirect traffic from the official website of Malaysia Airlines. The new homepage showed an image of a plane with the text “404 – Plane Not Found” imposed over it. Although no data was stolen or compromised during the attack, it blocked access to the website and flight status checks for a few hours.
Flipkart CEO, Binny Bansal account got spoofed.
Producer Ronnie Screwvala’s NGO loses Rs. 34 lacs over spoof emails.
HOW TO PREVENT SPOOFING ATTACK.
1. Understand the risks.
2. Avoid direct IP user authentication.
3. Rely on encryption.
4. Choose a reliable ISP.
5. Work on your overall security.
6. Invest in spoofing detection software