What Is Spoofing?
Spoofing is a cyberattack that disguises malicious communication as a message originating from a legitimate source. Threat actors execute this technique by impersonating a real user to assume authority and gain privileged access to critical business data. Spoofers rely on two significant elements: the spoof itself and social engineering.
A spoof could be an email or text message that appears to originate from a trusted source with authority, such as a corporate executive. Similarly, social engineering misleads victims into interacting with a malicious artifact like a phishing URL or a poisoned download.
How Spoofing Works
Imagine getting an urgent email from your company’s CEO asking you to remove a social media post because it’s damaging the business’s reputation. Your initial instinct is to click on the link and view the post. But, unfortunately, your click takes you to a rogue website that steals your information.
Attackers spoof a domain by registering a domain name similar to your company’s, such as 1earn.g5.com—a domain that resembles the legitimate learn.g5.com but with the letter l replaced with the number 1.
Telephone impersonation is also a form of spoofing: A caller on the other end fraudulently presents themselves as a bank representative and requests your account or credit card information. Spoofers can use software to mimic caller IDs to make their bogus calls seem more credible, a practice known as phone number spoofing.