What is spoofing?

Of the many ways to mislead internet users into disclosing confidential information, none seems to work better than forging emails and web pages to look as if they are from legitimate sources. This is called ‘spoofing’, and the practice has grown rapidly over the past few years.

‘Spoofing’ is falsifying the origin of an internet communication in order to mislead the recipient. It's widely used to create bogus emails or web pages in order to steal money, passwords or banking credentials.

Beware of ‘spam’ emails

Email spoofing is the most commonly encountered kind. The apparent sender address of almost all spam email is bogus. This is because the ‘From’ line in an email is not actually used to send it - it's just a piece of text. A specially-written email program can make it say anything at all, so you can't rely on it to find out where an email has really come from.

In the past, most spam email contained attachments that could infect your computer with malicious code (‘malware’) when the attachment was opened or previewed. But nowadays, it's more common for spam to contain a link to a malicious website.

Unless you click on the link, you're quite safe. So just opening the email is now less dangerous than it was, and once it's open you can usually see if it's bogus pretty easily - misspelled words, bad grammar and naive phraseology are very common.

But very convincing spoofed messages, supposedly from banks, frequently ask for your card number, PIN and password. These emails can include the bank's logo, and at least one has quoted the bank's real helpline phone number and a warning about phishing emails. But you shouldn't get caught out if you remember that real banks never send emails like this.

Close inspection is the key

Most commonly, website spoofing relies on minor differences in website addresses going unnoticed, particularly in search engine results.

The attackers register a web address which is very similar to a well-known, trusted one, but with some small, easily-overlooked difference. Replacing a lower case 'l' with the digit '1' is a classic ploy. Or they register a website name that is the same as a legitimate site, except for its ending - for example, 'site.com' where the legitimate site name is 'site.co.uk' - and use that variant to host the malicious site.

In either case, when you follow the link, you don't land on the trusted site you expect, but on a completely different (usually malicious) one. It may be designed very convincingly to replicate the legitimate site you intended to visit, even to the extent of offering a secure connection for buying. But the secure connection will be to the attacker's website and any card details entered will be stolen.
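
The two ploys described above, a swapped look-alike character and a changed ending, can be checked for mechanically before a link is followed. The Python below is an added example, not part of the original guide; the trusted list, the table of confusable characters (which goes beyond the 'l'/'1' swap the guide mentions) and the short list of endings are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list: 'site.co.uk' is the guide's example, 'example.co.uk' is made up.
TRUSTED = ("site.co.uk", "example.co.uk")
# Characters folded to one form before comparing; only l/1 comes from the guide.
CONFUSABLE = str.maketrans({"1": "l", "0": "o", "5": "s"})
# Small constructed subset of endings; a real check would use the Public Suffix List.
ENDINGS = sorted(("co.uk", "org.uk", "com", "net", "org"), key=len, reverse=True)


def registered_name(host):
    """Split a host into (site name, ending), e.g. 'www.site.co.uk' -> ('site', 'co.uk')."""
    host = host.lower().rstrip(".")
    for ending in ENDINGS:
        if host.endswith("." + ending):
            name = host[: -len(ending) - 1]
            break
    else:
        name, _, ending = host.rpartition(".")
    return name.rsplit(".", 1)[-1], ending


def classify(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike-characters', 'lookalike-ending' or 'unrelated'."""
    if "://" not in url:          # accept addresses typed without http(s)://
        url = "//" + url
    label, ending = registered_name(urlsplit(url).hostname or "")
    known = [registered_name(t) for t in trusted]
    if (label, ending) in known:  # exact match, including subdomains such as www.
        return "trusted"
    for t_label, t_ending in known:
        # Same name once look-alike characters are folded, but not the same spelling.
        if label != t_label and label.translate(CONFUSABLE) == t_label.translate(CONFUSABLE):
            return "lookalike-characters"
        # Same name, different ending ('site.com' posing as 'site.co.uk').
        if label == t_label and ending != t_ending:
            return "lookalike-ending"
    return "unrelated"


if __name__ == "__main__":
    for link in ("https://www.site.co.uk/login", "http://site.com/",
                 "https://examp1e.co.uk/", "https://news.org/"):
        print(f"{link:32} {classify(link)}")
```

A result of 'unrelated' only means the address does not imitate a name on the trusted list; it says nothing about whether the site itself is safe.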


Taken from: http://www.bbc.co.uk/webwise/guides/about-spoofing 

Last modified: Thursday, 2 August 2012, 12:30 PM