What is Domain Spoofing?
Domain spoofing, a common form of phishing, occurs when an attacker appears to use a company’s domain to impersonate a company or one of its employees.
This can be done by sending emails with false domain names that appear legitimate, or by setting up websites with slightly altered characters that read as correct. A spoofed website or email will commonly use logos and other accurate visual design to imitate the styling and branding of a legitimate enterprise or business. Users will commonly be prompted to enter financial details or other sensitive data, trusting that they are being sent to the right place.
Domain Spoofing Classifications
Email spoofing: Email spoofing is the forging of an email header so that the message seems to originate from someone or somewhere different from the actual source. It is used in both phishing and spam campaigns because users don't want to open an email if they don't trust the legitimacy of the source. The purpose of email spoofing is to trick recipients into opening, or even corresponding with, a solicitation.
Website spoofing: Website spoofing is the act of building a fake website with the goal of misleading users, gaining their trust, and assuming the identity of a legitimate group or organization. The spoof website will frequently adopt the design of the target website and sometimes mimic the URL with alternate characters. A more sophisticated attack can involve the perpetrator building a 'shadow' version of the World Wide Web by routing all of the user's web traffic through the attacker's console. This type of attack captures all of the victim's sensitive information. Another method used by domain spoofing attackers is a cloaked URL. By using domain forwarding, or inserting control characters, the URL can appear to be genuine while concealing the address of the actual website.
Email Spoofing Solutions
Email spoofing is possible because the Simple Mail Transfer Protocol (SMTP) does not provide a mechanism for address authentication. Although email address authentication protocols and mechanisms have been specified to battle email spoofing, adoption of those mechanisms has been slow.
- Sender Policy Framework (SPF): an email validation system. SPF allows domain managers to authorize individual hosts to use a domain in email. This list of approved domain names is protected and can be used to verify authenticity.
- Domain-based Message Authentication, Reporting and Conformance (DMARC): an email authentication protocol built on two components, reporting and enforcement. Through reporting, DMARC can automate authenticity verification and alert administrators to false email domains immediately. When false domains are used, DMARC will stop the email from entering the inbox.
- DomainKeys Identified Mail (DKIM): provides a way to validate a domain name identity associated with a message. When a message is built, a digital signature is added to the email to ensure authenticity. DKIM does not offer filtering capabilities, but can be used to guarantee the legitimacy of the message.
- Sender ID (SID): a protocol based largely on SPF and promoted by Microsoft. SID is built into Exchange servers and works by reading the SMTP header. The service then queries the DNS records to verify the sender's address.
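How much protection SPF and DMARC give depends on the policy a domain actually publishes. The following is an added example, not part of the original page: it audits a domain's SPF and DMARC TXT records for settings that still let spoofed mail through. The records are constructed for the placeholder domain example.com, and the function names are this example's own.

```python
def parse_dmarc(txt):
    """Split a DMARC record into a tag -> value dict ('tag=value;' syntax)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def spf_all_qualifier(txt):
    """Return the qualifier on the SPF 'all' mechanism, or None if absent."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    for term in (t.lower() for t in terms[1:]):
        if term == "all":
            return "+"  # a bare mechanism defaults to '+' (pass)
        if term[1:] == "all" and term[0] in "+-~?":
            return term[0]
    return None

def audit(spf_txt, dmarc_txt):
    """Return findings on how well the published records resist spoofing."""
    findings = []
    qualifier = spf_all_qualifier(spf_txt)
    if qualifier is None:
        findings.append("spf: no valid record or no 'all' mechanism")
    elif qualifier != "-":
        findings.append(f"spf: '{qualifier}all' does not hard-fail unlisted hosts")
    dmarc = parse_dmarc(dmarc_txt)
    if dmarc.get("v") != "DMARC1":
        return findings + ["dmarc: no valid record"]
    policy = dmarc.get("p", "none").lower()  # simplification: missing p treated as none
    if policy not in ("quarantine", "reject"):
        findings.append(f"dmarc: p={policy} only reports, mail is still delivered")
    if dmarc.get("pct", "100") != "100":
        findings.append("dmarc: pct is not 100, policy covers only part of the mail")
    if "rua" not in dmarc:
        findings.append("dmarc: no rua address, aggregate reports are not received")
    return findings

# Constructed sample records (not real DNS data)
WEAK = ("v=spf1 include:_spf.example.com ~all", "v=DMARC1; p=none")
STRICT = ("v=spf1 include:_spf.example.com -all",
          "v=DMARC1; p=reject; rua=mailto:dmarc@example.com")

if __name__ == "__main__":
    for name, records in (("weak", WEAK), ("strict", STRICT)):
        print(name, audit(*records) or "no findings")
```
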