How I Met Your Mother
Have you ever watched the episode entitled “The Playbook” (05×08) of How I met your Mother? If you haven’t, you are missing twenty-four minutes of entertainment. And if you have, well, you do have a concrete representation of what spoofing looks like. Spoofing is the action of pretending to be someone else. In the domain of cybersecurity, an attacker is performing spoofing when it counterfeits its identity to attempt to gain our confidence or have access to our data and systems.
Spoofing in cyber security
On the internet there are no boundaries and entities cannot be sure to whom they are actually talking to. Trusted channels and trusted elements give us a guarantee that someone is talking to us, but that might not be enough as we do not know who we are really talking to. Indeed, spoofing comprises those acts of camouflaging the communication from an unknown source as pretending to be from a known (and trusted) source.
What is Spoofing?
Spoofing can be applied to emails, phone texts, calls, and websites. It might also be more technical; for example, a black hat hacker can spoof a computer’s IP address or Domain Name System (DNS) server.
Spoofing can be used to gain access to a target’s personal information, spread infectious malware through infected links or attachments, bypass network access controls, or redistribute traffic to conduct a denial-of-service attack. Spoofing is often the way a bad actor gains access in order to execute a larger cyber-attack such as an advanced persistent threat or a man-in-the-middle attack. In addition, spoofing that leads to the rerouting of internet traffic can overwhelm networks or lead customers and/or clients to malicious sites aimed at stealing information or distributing malware.
We shall bear in mind that monetization is one of the first key reasons urging malicious entities to act. Successful attacks on organizations can lead to the infection of whole systems, data breaches, revenue losses, and public reputational losses.
Giovanna Alberta Stefani