DeMISTIfying Infosec: Spoofing

July 17, 2016

For email spoofing, the adversary inserts commands into the email header, taking advantage of the lack of authentication in SMTP, and changes the email header to one (theoretically) familiar to the recipient. The goal is to trick the recipient into opening the email or its contents in order to extract information (sensitive data, passwords, PII), or to convince the recipient to click on a link or open an attachment that will execute malware on the victim’s computer. Email spoofing is common in phishing attacks. The SMTP service extension defined in RFC 2554 is a technical control that lets the sending and receiving servers negotiate the security level of the SMTP session, which helps mitigate email spoofing and lessens the chance the attack will reach an end user.
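A defender-side check for the header manipulation described above, written as an added example (not code from the original post): it compares the visible From: domain with the envelope sender and reads the receiving server's own SPF/DKIM verdicts. The two messages are constructed samples; the domains, the `spoofing_indicators` function and the assumption that the Authentication-Results header was written by your own MTA (and stripped from inbound mail that already carried one) are all assumptions of this example.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample: the visible From: claims the recipient's own domain,
# but the envelope sender and the receiving MTA's SPF verdict disagree.
SAMPLE_SPOOFED = b"""Return-Path: <bounce@mailer-example.test>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer-example.test; dkim=none
From: "IT Helpdesk" <helpdesk@example.org>
To: alice@example.org
Subject: Password reset required

Please click the link to reset your password.
"""

# Constructed sample: envelope, From: and authentication results all agree.
SAMPLE_CLEAN = b"""Return-Path: <helpdesk@example.org>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org
From: "IT Helpdesk" <helpdesk@example.org>
To: alice@example.org
Subject: Maintenance window

No action required.
"""

def _domain(addr: str) -> str:
    """Lower-cased domain part of a mailbox, or '' if no address is present."""
    _, address = parseaddr(addr or "")
    return address.rpartition("@")[2].lower()

def _auth_results(value: str) -> dict:
    """Parse 'authserv-id; spf=pass ...; dkim=fail ...' into {'spf': 'pass', ...}."""
    results = {}
    for clause in value.split(";")[1:]:  # skip the authserv-id before the first ';'
        method, _, rest = clause.strip().partition("=")
        if method in ("spf", "dkim", "dmarc") and rest:
            results[method] = rest.split()[0].lower()
    return results

def spoofing_indicators(raw: bytes) -> list[str]:
    """Return a list of human-readable findings; an empty list means no indicator."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_domain = _domain(msg["From"])
    envelope_domain = _domain(msg["Return-Path"])
    findings = []
    if envelope_domain and envelope_domain != from_domain:
        findings.append(f"envelope sender {envelope_domain} != From domain {from_domain}")
    auth = _auth_results(msg.get("Authentication-Results", ""))
    for method in ("spf", "dkim"):  # anything other than an explicit pass is reported
        if auth.get(method, "missing") != "pass":
            findings.append(f"{method}={auth.get(method, 'missing')}")
    return findings
```

The domain comparison alone is not proof of spoofing (mailing lists and bulk senders legitimately differ), so the SPF/DKIM verdicts are what turn a mismatch into something worth quarantining.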

For callerID spoofing, the gateway between networks is altered, allowing the attacker to appear to be dialing in from a known number or organization. CallerID spoofing is also used as part of social engineering attacks or scams. The spoofed level of legitimacy helps convince recipients that the incoming caller is trusted. After the caller (attacker) reaches a willing victim, sensitive information will be requested that can be further used against the victim, the victim’s computer, or the victim’s company’s network.

IP spoofing is mainly used for network attacks like Denial-of-service. An attacker modifies the packet headers so the source IP address is forged to a different one, again more familiar or less suspicious to the recipient. Packet filtering is one method of catching phony packets and stopping IP address spoofing.

Attackers can create spoofed URLs, setting up a fraudulent website which he/she can use to gain information from visitors or drop malware on the visitors’ machines. Spoofed websites often contain forms requesting visitor information—like contact information, login credentials, or credit card details—which the attacker then captures and uses to perpetrate additional crime.

