What is Spoofing? The deception technique that goes hand in hand with phishing

Most Internet users already know the term phishing, but there is another type of computer attack that also occurs very frequently and we know less about it. Do you know what Spoofing is? We tell you.

Although there are many categories of cyber attacks, cybercriminals do not focus on just one, they use several techniques in the same attack to be more successful, which is why phishing and spoofing often go hand in hand. 

While phishing is a cybercrime technique in which hackers try to fish their victims to steal their personal data, spoofing refers to one of the techniques criminals use to fish. 

Cybercriminals tempt users into their traps through fake web pages, emails, SMS or offers and advertisements on the internet, and spoofing is one of the baits used. The word spoof in English is usually translated as parody or mockery, but in this case it would be more correct to translate it as impersonation or imitation.

In other words, it as an impersonation of the identity of a website, company or any individual with the aim of stealing other people’s data: “ hacking techniques used maliciously to impersonate from a website, entity or person on the network, in order to obtain private information about us ”.

They pose as well-known brands or entities so that the victims trust them. If, for example, you receive an email from the General Directorate of Traffic in your country saying that you have a pending fine for running a traffic light or if you receive an SMS from your bank indicating that there is a problem with your bank account, there will be many people who click and download the attached document or click on the link that comes with the message. 


However, in most cases it is a trap that directs you to a fake website that imitates the design of your bank or the entity from which it is impersonating. In this way, the victim enters their personal data and passwords to pay the fine or to check their money in the bank thinking that there is a problem. In this simple way you have given your personal data to a thief who can now impersonate you and steal your money.

This technique can be used with any company or person. They can impersonate the identity of a social network where you have an account, companies like Netflix or Amazon where we are paying a subscription or simply pretend to be the Government indicating that there is a problem with your income statement or unemployment that you are collecting. 

It is even possible to impersonate a friend or acquaintance who has been attacked previously and through their infected computer or mobile they send you messages asking you to download a file or enter a website.

These are some of the spoofing modalities and how we can act in each of these cases to avoid falling into the plot:

Spoofing on web page

Cybercriminals create fake websites by imitating the design and even the URL of the original website and use phishing techniques to lead us into this spoofing trap. 

  • Tip : Being a web page or a link that takes us to a page, the url can give us the clue. Look for links and addresses with digital certificates and check that it is not a sham. 

Email spoofing 

It is the second most used case in this type of impersonation. Cybercriminals send mass emails to many users or create chains of hoaxes that people share without thinking that they are infecting others. 

  • Tip : The digital signature or encrypting the mail usually helps to certify that we are the true owner of that address. This also helps to verify the emails of a company from the fake ones. In any case, it is always safer to check the information by entering the company website directly by typing the address in the browser, avoiding using search engines or the links in the message itself. 

Spoofing by IP address

Cybercriminals have also learned to spoof their IP addresses to bypass some network controls and be able to send us malware. This technique is very common in DDoS attacks that we explain to you in this other video. 

  • Tip : We must configure our router with a firewall, so that it is capable of filtering suspicious IP addresses, although it is possible that criminals deceive your router as well.

DNS spoofing

There are some malware that can infect our router by downloading them and changing the system’s DNS. Thus, when we want to access a specific page, the infected router redirects us to a fake website. (domain name system, DNS)

  • Advice : In addition to having a good antivirus and always checking that we are on a secure page before giving any information, we must shield our router, change the passwords periodically. 

Spoofing by application

Lastly, we want to emphasize that these deceptions can also be found in mobile or computer applications. Official stores (Apple Store, Google Play Store) have security measures to certify the reliability of the apps, but they are not infallible. We can find apps that imitate Netflix’s but that contain malware waiting for us to download them to our mobile.

  • Tip : always check the source and developers of that app. Instead of looking for it in the search bar of the store, it may be safer to enter the official website and there look for the link to download the application, but you must be very sure that this is the official page. And always read carefully the permissions you give the application to use your mobile, view your location or use your camera.

Apart from these tips, we can give you others that serve for any type of danger on the internet: 

  • Act with common sense and caution before any message, news or announcement that reaches us
  • Be informed about the latest news in technology and cyberattacks that entities or the media like us usually share so that you are alert.
  • Be aware that there is no technique or program that protects us from all attacks and that we must always be prepared to fall into the trap, making backup copies and updating all devices.
  • And finally, when there is the slightest doubt, we must never share or distribute a message or download a file or application and we must report or consult the authorities, police or institutions dedicated to cybersecurity.

Leave a Reply