Types of Spoofing Attacks

Spoofing can occur in many different forms and various types of attacks you should watch out for. Here are some examples of different types of spoofing:

Caller ID Spoofing
Caller identification (Caller ID) allows the receiver of a phone call to determine the identity of whoever is calling. Caller ID spoofing occurs when a scammer uses false information to change the caller ID. Since Caller ID spoofing makes it impossible for the number to be blocked, many phone scammers use Caller ID spoofing to hide their identity. Occasionally, these scammers will use your area code to make it seem like the call is local.

Most Caller ID spoofing happens using a VoIP (Voice over Internet Protocol) that allows scammers to create a phone number and caller ID name of their choice. Once the call recipient answers the phone, the scammer will try to convince them to divulge important information. 

Website Spoofing
Website spoofing is when a scammer will try to make a dangerous website look like a safe one, using legitimate fonts, colours and logos. This is done by replicating a trusted site with the intention of taking users to a phishing or malicious site. These copied sites will usually have a similar website address to the original site and appear to be real at first glance. However, they’re usually created to obtain the visitor’s personal information.

Email Spoofing
Email spoofing is when a scammer sends out emails with fake sender addresses with the intention of infecting your computer with malware, asking for money or stealing information. These fake sender addresses are created to look like it came from someone that you know, like a coworker or a friend.
These addresses can either be created by using alternative numbers or letters to look slightly different than the original, or by disguising the ‘from’ field to be the exact email address of someone in your network.

IP Spoofing
When a scammer aims to hide the location of where they’re sending or requesting data online, they’ll usually use IP spoofing. The goal of IP spoofing is to trick a computer into thinking the information being sent to a user is a trusted source and allow malicious content to pass through.

DNS Server Spoofing
Domain Name System (DNS) spoofing, also known as cache poisoning, is used to reroute traffic to different IP addresses. This will lead visitors to malicious websites. This is done by replacing the IP addresses stored in the DNS server with the ones that the scammer wants to use.

ARP Spoofing
ARP spoofing (Address Resolution Protocol) is used often to modify or steal data or for in-session hijacking. To do this, the spammer will link their media access control to an IP address so the spammer can access the data that was originally meant for the owner of that address. 

Text Message Spoofing
Text message spoofing is when a scammer sends a text or SMS message using another person’s phone number. Scammers do this by covering their identity behind an alphanumeric sender ID and will usually include links to malware downloads or phishing sites.

GPS Spoofing
A GPS spoofing attack happens when a GPS receiver is deceived by broadcasting fake signals that resemble real ones. In other words, the scammer is pretending to be in one location while actually being in another. Scammers can use this to hack a car GPS and send you to the wrong address, or even to interfere with GPS signals of ships, buildings, or aircraft. Any mobile app that relies on location data from a smartphone could be a target for this type of attack.

Man-in-the-middle (MitM) Attack
Man-in-the-middle (MitM) attacks occur when a scammer hacks a WiFi network or makes a duplicate fraudulent WiFi network in that location to intercept web traffic between two parties. In doing so, scammers are able to reroute sensitive information to themselves, such as logins or credit card numbers.

Extension Spoofing
In order to disguise malware extension folders, scammers will utilise extension spoofing. Usually, they’ll rename the files to “filename.txt.exe” and hide malware inside the extension. So, a file that appears to be a text document actually runs a malicious program when it’s opened.