Domain spoofing: What is it and how does it work?
According to Techopedia.com, spoofing is “a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver.” On the internet, the three most commonly spoofed things are emails, IP addresses, and domains.
| Type | Description |
| --- | --- |
| Email spoofing | A fraudster sends an email that looks and reads like it came from a familiar party, such as a colleague, a government agency, or a bank. |
| IP address spoofing | A cybercriminal creates a fake Internet Protocol (IP) address to impersonate that of a legitimate computer system or system component. In a distributed denial-of-service attack, hackers can falsify the IP addresses of countless internet-connected devices so that: |
| Domain spoofing | A phisher registers and uses a domain name that is very similar to that of a legitimate entity to impersonate that entity or one of its members. Spoofed domains are used to send fraudulent emails and to send people to fake websites that look like exact copies of real websites. |
Spoofed domains are also used to commit ad fraud. Crooks can submit their spoofed domains in ad exchanges so that advertisers will bid for ad spaces on their fake sites instead of on real ones.
In this post, let’s take a closer look at domain spoofing.
Domain spoofing enables email spoofing
One of the ways email filters separate malicious emails from legitimate ones is by examining message metadata, particularly the headers. For example, if an email’s sender domain does not match its originating domain, that is a clear sign of fraudulent activity.
Domain spoofers get around this check by forging the originating domain so that it matches the sender domain they used.
Fake websites are built on spoofed domains
Certain alphanumeric characters look very similar to one another, especially in sans serif fonts. This allows domain spoofers to trick us with imperceptibly altered letters. For example, “PayPal” and “PayPaI” look the same, but the second one uses a capital “i” at the end.
Additionally, our minds tend to autocorrect text when context informs us of what is actually intended by the writer. To illustrate, we’ll read “fiend” as “friend” if the context of what we’re reading makes it seem that “friend” is what was meant. This means that we can also misread URLs based on our expectations. For instance, in an email, we’ll misread “cloudfiare.com” as “cloudflare.com,” especially if the email contains graphical elements and verbiage that make it seem like it came from Cloudflare.
Our misreading of links provided in spoofed emails makes us think that it is safe to click on them. When we do, we’re brought to a spoofed website that looks like the real thing. There, a fake login page can capture our access credentials, or the website may automatically download malware such as spyware or ransomware onto our devices.
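The look-alike trick above can be caught mechanically on the defender's side: collapse each domain to a "skeleton" in which confusable glyphs are mapped to the letter they imitate, then compare the skeleton against the brands you want to protect. The following is an added example, not code from this post or from Graphus; the protected-domain list, the confusable table and the sample inputs are constructed, and the Cyrillic entries extend the post's ASCII cases (PayPaI, cloudfiare) to non-Latin homoglyphs.

```python
import unicodedata

# Brand domains to protect; the two brands are the post's own, the list is a constructed sample.
PROTECTED_DOMAINS = ["paypal.com", "cloudflare.com"]

# Substitutions that read alike in many sans-serif fonts; multi-glyph pairs go first.
CONFUSABLES = [
    ("rn", "m"), ("vv", "w"),                          # two glyphs imitating one
    ("i", "l"), ("1", "l"), ("|", "l"),                # I/i, digit one and pipe pass as lowercase L
    ("0", "o"),
    ("\u0430", "a"), ("\u043e", "o"), ("\u0440", "p"),  # Cyrillic homoglyphs (beyond the post's ASCII cases)
    ("\u0435", "e"), ("\u0441", "c"),
]

def skeleton(domain: str) -> str:
    """Canonical form: Unicode-folded, lowercased, confusables mapped to the letter they imitate."""
    d = unicodedata.normalize("NFKC", domain.strip().rstrip(".")).lower()
    for lookalike, canonical in CONFUSABLES:
        d = d.replace(lookalike, canonical)
    return d

def levenshtein(a: str, b: str) -> int:
    """Classic edit-distance DP; domains are short, so O(len(a) * len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain: str) -> str:
    """Return 'legitimate', 'lookalike', 'near-miss' or 'unrelated' for one domain."""
    if domain.strip().rstrip(".").lower() in PROTECTED_DOMAINS:
        return "legitimate"
    sk = skeleton(domain)
    for good in PROTECTED_DOMAINS:
        good_sk = skeleton(good)
        if sk == good_sk:
            return "lookalike"    # identical once confusable glyphs are collapsed
        if levenshtein(sk, good_sk) <= 1:
            return "near-miss"    # one edit away, e.g. a dropped or swapped letter
    return "unrelated"

if __name__ == "__main__":
    for d in ["PayPal.com", "PayPaI.com", "cloudfiare.com", "paypa1.com",
              "p\u0430ypal.com", "paypl.com", "example.com"]:
        print(f"{d:16} -> {classify(d)}")
```

Run the same check over the link targets in an inbound email (the href, not the link text) to flag messages that point at a look-alike of a brand your users trust.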
On a related note, online advertisers are also fooled by spoofed domains. Instead of placing their ads on premium web publishers, they end up wasting their money on lower-quality websites. Ad fraud especially hurts publishers. First, they lose ad revenue that they would have legitimately earned to spoofed websites. Second, they also lose potential ad revenue since advertisers will tend to stay away from them to avoid being burnt twice.
Domain spoofers are crafty and can easily switch between fake domains to avoid detection. However, since the primary way to disseminate malicious links is via phishing emails, you would do well to augment your email defenses with Graphus’ anti-phishing software. If fraudsters think they’re smart, wait till they meet our AI. See it in action for yourself by signing up for a FREE demo today!