1 / 15

Spoofing and its Types

Spoofing makes communication form an unknown source seem to have originated from a known and trusted source. It has various types and is used in spoofing attacks.

htshosting
Download Presentation

Spoofing and its Types

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Spoofing and its Types

  2. Table of Contents • Spoofing • Uses of Spoofing • Aftermath of Spoofing • Types of Spoofing (Email Spoofing) • Types of Spoofing (Website Spoofing) • Types of Spoofing (Caller ID Spoofing) • Types of Spoofing (IP Spoofing) • Types of Spoofing (ARP Spoofing) • Types of Spoofing (DNS Server Spoofing) • Safety from Spoofing Attacks (The Dos) • Safety from Spoofing Attacks (The Don’ts)

  3. Spoofing • Spoofing helps to disguise communication that is from an unknown source and makes it appear to have originated from a source that is known and trustworthy. Spoofing can be used through emails, websites, phone calls, IP addresses, Domain Name System (DNS) server etc.

  4. Uses of Spoofing There are many ways in which spoofing is used which are mentioned below, in no particular order.. • For gaining access to the personal information of a target • For spreading malware with the aid of links and attachments that are meant for this purpose • For bypassing network access controls • For redistributing traffic to carry out a denial-of-service attack • For executing cyber-attacks (man-in-the-middle attack, advanced persistent threat etc.)

  5. Aftermath of Spoofing • Successful spoofing attacks on enterprises can result in the following- • Data breaches • Infected computer systems as well as networks • Loss of revenue • Loss of reputation of the organization that is the victim of such an attack • Networks can be overwhelmed when spoofing reroutes Internet traffic • Users can be led to malicious sites that steal information or install malware

  6. 1-800-123 -8156 Whoa! That’s a big number, aren’t you proud?

  7. Linked Node • There are many types of spoofing, which shall be touched upon in the content that is provided here. One of these is email spoofing, which is the first one to be discussed. In it an email message is used by the attacker to trick a recipient and make him/her believe that the email was sent by a source that is known and trusted. • Such emails might contain malicious websites’ links or malware infused attachments. Email spoofing attacks are aimed at stealing the target’s information, infecting the target device with malware or blackmailing the target for money. • It is easy to spoof the information of the email sender. It can be done in one of the following ways- • By mimicking a trusted email address or domain. This is achieved by making use of alternate letters or numbers that are marginally different from the original ones. • By disguising the “From” field in a way that it appears as the exact email address that belongs to a known and trusted source.

  8. Types of Spoofing (Website Spoofing) • In website spoofing, a website is designed in a way that it mimics an existing site that is known and trusted by the target of this attack. This is also called URL spoofing and ensures that a malicious website appears to be genuine and licit. Website spoofing helps attackers to have access to login as well as other personal information of the target. It also helps attackers to infect the target’s system with malware. • In the context of websites, it is imperative to impart some information on how websites are made accessible. This is through web hosting which provides the necessary server space and technologies that are needed to store and deliver the files of a website. Certain terms that are used for the most reliable web hosting companies are, the “Best Windows Hosting Company” or the “Top Cloud Hosting Company” or even the “Best Web Hosting Company in India”.

  9. Types of Spoofing (Caller ID Spoofing) • Caller ID spoofing enables attackers to make it seem that their phone calls are originating from a specific number. This specific number is either a number that is known as well as trusted by the recipient of the call or it belongs to a specific location. Attackers often use social engineering in such attacks.

  10. Types of Spoofing (IP Spoofing) • In IP Spoofing, attackers disguise the IP address of a computer. It helps to hide the identity of the sender. Another computer system can also be impersonated by it. It serves the purpose of gaining access to networks that use IP addresses to authenticate users. IP spoofing is often used in DDoS (Distributed Denial-of-Service) attacks. The attacker sends packets to numerous network recipients. When a response is transmitted by the recipient of the packet, the recipient will be routed to the spoofed IP address of the target.

  11. Types of Spoofing (ARP Spoofing) • ARP (Address Resolution Protocol) refers to that protocol which resolves IP addresses to MAC (Media Access Control) addresses for the purpose of transmitting data. ARP spoofing links MAC of an attacker to a licit IP address. This enables the attacker to have access to the data that is meant for the owner who is associated with that particular IP address. Its most common usage is theft as well as modification of data. It can be used for the purpose of session hijacking and to carry out denial-of-service as well as man-in-the-middle attacks.

  12. Types of Spoofing (DNS Server Spoofing) • Domain Name System (DNS) servers are meant to resolve URLs and email addresses to corresponding IP addresses. With the aid of DNS spoofing attackers can divert traffic to a different IP address. This leads victims to potentially dangerous sites that can spread malware.

  13. Safety from Spoofing Attacks (The Dos) • The easiest and the most effective way to ensure protection against spoofing attacks is to remain informed about it and be proactive. One must look for the signs of spoofing in emails as well as in the other prime targets of spoofing that have been mentioned previously, such as, IP, caller ID etc. When trying to ascertain if a communication is licit or not, one must stay alert and notice incorrect or inconsistent grammar, poor spelling as well as sentence structure that is unusual. All of these can indicate a spoofing attempt. • One must examine the email sender’s address as well. Email addresses can be spoofed by making minor changes in either the local-part or domain name. The URL of a webpage needs to be examined thoroughly to detect spoofing, as often the spelling can be altered marginally here, in order to trick those visitors who don’t pay attention to it.

  14. Safety from Spoofing Attacks (The Don’ts) • To ensure protection against spoofing attacks, one must not click on any link that seems unfamiliar or download unfamiliar and/or suspicious attachments. When such content is received in one’s email, one should send a reply mail to seek confirmation. When an email address has been spoofed perfectly, this reply mail will get delivered to the person whose email address it is and not to the attacker who initiated the spoofing attack. • One must not divulge information to callers requesting for it without being sure of their authenticity. Try to ascertain, by searching on the Internet, if the phone number is associated with scams. Even if the number looks genuine, one must call the number oneself rather than answering it, as a protective measure. This is to ensure protection against caller ID spoofing.

  15. Thanks! ANY QUESTIONS? www.htshosting.org www.htshosting.org/best-web-hosting-company-India www.htshosting.org/best-windows-hosting www.htshosting.org/best-cloud-hosting-company

More Related