What is domain spoofing?
Updated at: Oct 01, 2019
Domain spoofing is a tactic used by cybercriminals to commit scams and frauds on the internet. It occurs when an attacker tries to impersonate a company, an employee or someone known to confuse and persuade another person. How? Forging a domain. Domain spoofing is directly linked to social engineering, spam campaigns, phishing and spear phishing scams, such as Business Email Compromise (BEC) and Email Account Compromise (EAC).
In practice, domain spoofing is used by hackers in different ways. It could be, for example, by simply adding a letter to an email address or creating a fake website that has an address very similar to the legitimate one. In the day-to-day routine, these small changes end up being overlooked by many people.
But the success of a scam doesn't depend only on that, of course. Cybercriminals are often smart people. Scams involving domain spoofing are carefully prepared. Therefore, the entire visual identity of a company is usually forged in fake emails and websites, including logo, colors and any other visual detail that imitates the original and official one.
Types of domain spoofing
We can say that there are two main categories of domain spoofing. Within these categories, there are some variations.
1. Email spoofing
Email spoofing is the act of forging email addresses. This can happen basically in two ways. First, when an attacker hacks an email account and uses it to commit fraud. Second, when the attacker creates a similar email address or falsifies some part of an email to imply that the message is legitimate. The email spoofing purpose is to gain the recipient's trust. That involves social engineering, spam campaigns, and phishing and spear phishing scams.
2. Website spoofing
Website spoofing is about creating a fake site address. The goal remains to gain the victim's trust and then deceive him. In these cases, the fake websites are very similar to the legitimate ones. Frequently, URLs have only a few letter variations. Website spoofing is even more used by crooks during festive and shopping dates, such as Black Friday. It also heavily involves social engineering, spam, phishing, and spear phishing.
Cases and examples of domain spoofing
Imagine that a hacker has created a fake website that looks a lot like your bank's website. Then you receive an email apparently sent by your bank. The email says that someone tried to access your account in some distant country. You're then prompted to click on the link, to access the website, and to provide information to solve the issue. You already know where this is going, right?
It's interesting to note in these cases that email spoofing and website spoofing are often used within the same scam.
It's also a possibility that the cybercriminals use a malicious file to infect your machine with ransomware, spyware or any other type of malware. Imagine that you need to open a file that you received by email and was supposedly sent by your company's CEO. The damage can be huge to your business.
In more sophisticated cases, the attacker will only use email spoofing. He'll try to impersonate a partner or someone inside the company, especially a C-level executive, to request a bill payment or a wire transfer.
Both website spoofing and email spoofing are linked to making money illegally, stealing confidential information that can be used in other scams, espionage, secret data sale, and even the invasion of machines with the purpose of turning them into robots, or botnets.
How to prevent spoofing
In the case of email, there are authentication mechanisms that help fight spoofing, such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication Reporting & Conformance). There are also more comprehensive tools, such as a Secure Email Gateway, which allow you to configure these authentication mechanisms we just mentioned.
Overall, the security tips are: have attention with emails and websites that require important information, carefully check email and website addresses, don't click on suspicious attachments and URLs. If you need to verify a message's legitimacy, look for other ways to do so. And, if you receive a message to update an account or get an unmissable deal, don't click on the link. Instead, go directly to the company's official website. These are the main tips to keep you and your company safe against domain spoofing and other threats.