1. What is spoofing?
Spoofing is the part of any form of communication (electronic or physical) whereby the sender inserts/attaches false identity contact information to the communication.
You get a text message from your boss's cell phone reading "Yeah….I'm going to need you to stay late and finish that TPS report" You sense a prank because your buddies in the cubical across the room are snickering.
You receive an e-mail from your bank saying that there is a problem with your online account and need to verify your account information or your account will be suspended. You click on the link at the end of the e-mail and get a log in page that looks exactly like your banks. If you enter your log in and password, you just gave a crook complete access to your bank account
2. Who Spoofs and Why?
Spammers, friends and enemies (MWIGULU N riz):
Spammers often spoof to trick you into viewing an e-mail. They send out mass messages with a false identity familiar to a large number of people so that some percent of those receiving the message will view the message. Once the recipient is tricked and the e-mail is viewed the spammer may attempt to sell a product, send a political or religious message, try to acquire personal or financial information, or deliver a virus as an attachment.
Spammers spoof to make you think they are someone they are not. They typically do this in order to separate you from your money.
Your friends spoof for fun and pranks. Hopefully, the end result is a good laugh. Your enemies spoof for malicious fun and pranks usually resulting in hurt feelings or damaged relationships.
3. Where would someone send or receive a Spoof?
- A cell phone (voice or text message)
- A land line phone
- An e-mail address
- A Web site
- The postal mail
4. When do you know it is a Spoof?
It is often impossible to know if you have received a spoof. Although to the careful observer there are several clues that help to separate a spoof from a legitimate communication.
Clues to detecting a spoofed text message:
1. You receive a message from a commercial company you have a relationship with and you have not specifically signed up to receive text messages.
2. You receive a message asking you for sensitive financial or personal.
3. You receive a message from a recognized person, however it seems wildly out of character for the sender.
4. You receive a message from a familiar sender but the caller ID name and number do not match up. For example if the message comes from "Mom" but the number displayed is incorrect.
5. How do Spoofs work?
A spoof works differently in each medium as the following shows:
Text/SMS Spoofs are sent by either e-mail or through a web site. The sender inputs your number and then inputs the number or name they want you to see on the caller ID. They then input their message and send. See Text/SMS Spoofing for more in depth data.
Phone Spoofs are sent through a phone or a combination of a web site and a phone. Typically either involves a third party company that acts as an intermediary. The sender initiates a call by either visiting the third party company's web site or calling their specified call-in number. The sender then inputs the caller ID information they want displayed and are connected. The third party company does all the work and charges by the minute. These third party companies will even change the sender's voice and record the call for the spoofer. See Caller ID Spoofing for more in depth data.
URL Spoofing is when the address (A.K.A., domain name or URL) displayed in the address location bar at the top of a browser is not really the web page being. For example the user may see www.citibank.com in the address location bar but really be on the web page www.iamgoingtorobyou.com See URL Spoofing for more in depth data.
Web Spoofing is when the spoofer puts a computer between the internet user's machine and the entire internet thereby intercepting everything the internet user does.
To accomplish this a spoofer must first somehow get an internet user to visit the spoofers trap web page. The spoofer could get an internet surfer to the trap web page through a variety of tricks and techniques including but not limited to:
- a link in a spam e-mail
- hyper-link on a non-trap web page
- a link the internet surfer clicks on from a search engine.
Once the internet surfer visits the spoofers trap web page every web page that the user visits thereafter is served from the spoofers computer. The internet user sees the actual web pages that they are visiting but the spoofer is acting as a malicious intermediary ISP, spying on everything the internet user sees and types. This means that the spoofer can intercept all of the internet users ID's, passwords, credit card information and anything else the web surfer types in to web pages they visit.
Email Spoofing is when a spoofer falsifies the information about whom an e-mail is from. Most spam (unsolicited e-mail) uses e-mail spoofing with the primary intent to trick the recipient into viewing the e-mail. A good example are the thousands of e-mails claiming to be from eBay that are really just spam. See email Spoofing for more in depth data.
IP Spoofing (Internet Protocol Spoofing) is data sent over the internet (such as an e-mail) broken up and sent in small pieces of information called packets. These packets, once received, are reassembled by the recipient. Each packet contains information about who the packet is from and who the packet is to and other data. Spoofers can falsify who the packet is from to trick the recipient. This type of spoofing is often used to gain access to machines which use IP authentication to verify identity. See IP Spoofing for more in depth data.
6. What do I do if I have received a spoof?
If you've been victimized by a spoofed e-mail or web site you should contact your local police or sheriff's departments and file a complaint with the FBI's Internet Crime Complaint Center