Domain Spoofing

Domain spoofing, a common form of phishing, occurs when an attacker appears to use a company’s domain to impersonate a company or one of its employees.

This can be done by sending emails with false domain names which appear legitimate, or by setting up websites with slightly altered characters that read as correct. Commonly, a spoof website or email will use logos, or any other kind of accurate visual design to effectively imitate the styling and branding of a legitimate enterprise or business. Users will commonly be prompted to enter financial details or other sensitive data, trusting that they are being sent to the right place.

Domain Spoofing Classifications

Email Spoofing: forging of an email header so that the message seems to originate from someone or somewhere different from the actual source. Email spoofing is a scheme used in both phishing and spam campaigns because users don't want to open an email if they don’t trust the legitimacy of the source. The purpose of email spoofing is to trick recipients into opening, or even corresponding with a solicitation.

Website spoofing: Website spoofing is the act of building a fake website with the goal of misleading users, gaining their trust, and assuming the identity of a legitimate group or organization. The spoof website will frequently adopt the design of the target website and sometimes mimic the URL with alternate characters. A more sophisticated attack can involve the perpetrator building a ‘shadow’ version of the World Wide Web by routing all of the user’s web traffic through the attackers console. This type of attack captures all of the victims sensitive information. Another method used by domain spoofing attackers is to use a cloaked URL. By using domain forwarding, or inserting control characters, the URL can appear to be genuine while concealing the address of the actual website.

Email Spoofing Solutions

Email spoofing is possible because the Simple Mail Transfer Protocol (SMTP) does not provide a mechanism for address authentication. Although email address authentication protocols and mechanisms have been specified to battle email spoofing, adoption of those mechanisms has been slow.

• Sender Policy Framework (SPF): an email validation system, SPF allows domain managers to authorize individual hosts to use a domain in email. This list of approved domain names in protected, and can be used to verify authenticity.
• Domain-based Message Authentication, Reporting and Conformance (DMARC): is an email authentication protocol based on reporting and enforcement components. Built on two components, reporting and enforcement. Through reporting, DMARC can automate authenticity verification, and alert administrators to false email domains immediately. When false domains are used DMARC will stop the email from entering the inbox.
• DomainKeys Identified Mail: (DKIM) which provides a way to validate a domain name identity associated with a message. When a message is built, a digital signature is added to the email to ensure authenticity. DKIM does not offer filtering capabilities, but can be used to guarantee legitimacy of the message.
• Sender ID (SID): a protocol based largely on SPF and promoted by Microsoft, SID is built into exchange servers, by reading the SMTP header. The service the queries the DNS records to verify the sender's address.

Experts recommend that users only access financial sites and other sensitive sites directly through a main page or other verified avenue in order to avoid being cheated by a spoof website. According to the FTC, over 96% of companies operating today suffer from domain spoofing attacks in one form or another. Therefore, having the right solutions in place to protect against the possibility of an attack is a necessity for any person or business.

Related Terms

• Spear Phishing
• Malware
• Ransomware
• DMARC Authentication

How Barracuda Can Help

Barracuda Sentinel helps protect your brand by stopping domain spoofing and unauthorized activity. It offers an intuitive wizard to help you set up DMARC (Domain-based Message Authentication Reporting & Conformance) for unmatched protection.

Using advanced threat-protection techniques like Mail Protocol (SMTP) Checking, Sender Spoof Protection, and Domain Keys (DKIM) Inspection, the Barracuda Email Security Gateway is well suited for protection against Domain Spoofing attacks.

Do you have more questions about Domain Spoofing? Contact us today.