Spoofing: The term “spoofing” was highlighted in the news in July 2019, when four people were arrested by the Federal Police on suspicion of having invaded the cell phones of some Brazilian authorities, including the then Minister of Justice and Public Security Sérgio Moro.
According to the investigations, cybercriminals allegedly used spoofing techniques to remotely access the messages exchanged between Moro, the Attorney General of the Republic Deltan Dallagnol and other members of the Task Force of Operation Car Wash, data captured through the Telegram app.
The operation, which resulted in the hackers’ arrest, was called spoofing and is still remembered today, mainly because this type of scam with the intention of stealing data happens frequently, causing many victims. Learn a little more about this technique and find out how to protect yourself.
What is spoofing?
It is one of the most popular cyber attacks today, in which the cybercriminal impersonates someone known to the victim or a legitimate company, in order to steal sensitive information such as passwords, credit card numbers and personal messages.
The name comes from the English word spoof, which means to deceive, pretend or imitate, in free translation. In the internet universe, the expression is related to forgery, with spoofers using various tactics to assume an identity that is not their own, to deceive others.
Spoofing campaigns can be targeted at both people and business networks. In the latter case, the technique is used to bypass the security systems of banks, telecommunications operators and other large companies, to spread malware and also set the stage for other attacks.
Types of spoofing
There are several types of spoofing, some easier to identify, such as e-mail, and others a little more complicated. Know the most common ones:
Perhaps the most used, consists of sending fake e-mails, assuming the identity of an acquaintance, service provider, bank, educational institution, collection company or other type. It usually comes with an attachment and asks the recipient to make a decision urgently.
By changing the DNS of routers, the hacker can divert accesses that would go to a legitimate website, leading Internet users to access fraudulent pages. In these copies of websites, you may end up having the data stolen or downloading malware without knowing it.
In this case, there is no need to modify the DNS, since the cybercriminal creates a fake website to attract inattentive users. Bank pages are among spoofers’ favorites.
Call / SMS spoofing
It happens when you receive a call or message from someone posing as a real company. The attacker tries to trick the victim into providing passwords, document numbers, cards and other sensitive information.