february 2024

What is Spoofing?

The term spoofing is becoming increasingly common in the context of cyber attacks, as it is a technique that can be used for phishing. The key point of a spoofing attack is that the message appears to originate from a secure source, leading someone to overcome a mental defense barrier. In other words, this type of attack occurs when someone impersonates another person, usually someone close to us or even a higher authority, in an attempt to gain our trust, access our systems, or encourage a specific action, aiming to gain illegitimate access to resources that can result in financial losses, for example.

Spoofing attacks take various forms of communication origin forgery, such as email, caller ID, text messages, or even GPS coordinates.

The most common methods of spoofing are through email or phone calls. In practice, attackers send an email with a phishing link, leading the victim to a website that resembles one they frequently visit, such as the homepage of their bank's website. The phone call differs slightly, but the goal is the same, as the victim receives a supposed call from their bank, and the cyber attacker poses as someone working for the bank, prompting the victim to provide their identification details and passwords.

This type of attack is a growing concern for the cybersecurity ecosystem, as it is evolving, and attackers are becoming more meticulous in their approach. It is important to know the best cybersecurity practices to protect and prevent spoofing attacks:

1. Confirmation

If the message or request sounds strange or has a high impact, regardless of appearing to come from a secure source, seek confirmation. For example, if asked to provide personal information such as a password or credit card number, call the sender to confirm, using a legitimate contact number obtained from a reliable source, or call a known number from your contacts.

2. Check emails and messages

Be vigilant for signs of phishing, such as always checking the senders of emails or messages requesting personal information. To confirm if a sent link is genuine, manually enter the URL into your web browser, check for signs of site forgery, and avoid clicking on links or downloading attachments from unknown sources.

3. Multi-Factor Authentication (MFA)

Enable multi-factor authentication whenever possible, especially for sensitive accounts like email or online banking services.

4. Stay informed about spoofing

Stay informed about the most common types of forgery. Be attentive to common signs of a spoofing attack, learn how to protect yourself, and you will have a much lower chance of falling victim to a cyber attack.


To better understand how a spoofing attack works, we present a real case of a company in India that suffered such an attack and consequently lost nearly 4 million rupees. The pharmaceutical machinery import company from Italy uses two email addresses to communicate with its clients and received an email that seemed to be from an Italian company with which it had business ties, falsely requesting a pending payment of 3.98 million rupees to another bank account. This illustrates how cyber attackers deceive, emphasizing the need for maximum attention to the techniques used and how realistic they can appear.

News: https://indianexpress.com/article/cities/mumbai/mumbai-company-email-spoofing-fraud-4-crore-8325488/









Subscribe our newsletter.

Cookie Consent X

Devoteam Cyber Trust S.A. uses cookies for analytical and more personalized information presentation purposes, based on your browsing habits and profile. For more detailed information, see our Cookie Policy.