In the computer world, spoofing refers to stolen identity, when a person masquerades as another individual or as an organization or business with the purpose of gaining access to sensitive personal information including user names and passwords, bank account information, and credit card numbers. Spoofing is both part of the setup for phishing as well as a technique to gain direct access to an individual’s or organization’s computer or computer network. Spoofing software is software created to assist the scammer in the pretense of being someone or something he or she is not. Understanding how spoofing software works can help people understand how to avoid being scammed.
Spoofing is done by changing addresses. MAC (Media Access Control) addresses, IP (Internet Protocol) addresses, email addresses, SMS (Short Message Service) messages, and even the master DNS (Domain Name Server) addresses. Spoofing software programs have been created to accomplish all these masquerades, some of which are easier and more commonly carried out than others.
Spoofing websites can be carried out in a variety of ways. First, it can be done by making a reasonably believable copy of the pages of the website that are publicly accessible and posting them to another server. There is spoofing software available to accomplish this task, and watermarking site images can help in the detection of this type of spoofing. Another way that this is done is by registering a web address that users are likely to type mistakenly when trying to reach a legitimate site. Altering links is another method, and this can be prevented by applying digital signatures to web pages.
IP spoofing can be set up by spoofing software and detected by network analyzer software, also known as packet sniffing software. It is also sometimes recognized by users finding commands on their terminal that they did not enter, or blank windows that they cannot control. A filtering router that prevents packets with a source address from within the network through from the outside. Firewalls with an appropriate setup can also provide protection. There is also anti-spoofing software to protect from IP spoofing attacks.
Since the Internet depends on correct addresses being associated with websites, DNS server spoofing is perhaps, potentially the most sophisticated attack, and could have widespread results. If the spoofing software or other method is successful, every visitor who attempted to visit a site would be directed to an incorrect Internet address. Such an attack was carried out once with the result that the security for DNS servers was strengthened.
