Domain Spoofing Explained

Domain names are a key component of a business’s online presence, so maintenance and protection are necessary to keep their value and shield them from risks. Through your domain, you can attract customers online and add credibility to your business.

Companies that are the victim of a spoofing attack can potentially lose millions in revenue. Fortunately, many of these attacks can be prevented with the proper email system, employee training, and other cybersecurity tools. This article will explain what domain spoofing is, and what steps you can take to prevent it from causing harm to your business.

What Is Domain Spoofing?

Domain spoofing is the result of cyber criminals creating a website name or email domain with the intention of fooling users into interacting with a malicious email or a phishing website that appears to be legitimate. 

Domain spoofing is often used in phishing attacks with the goal of stealing personal information, such as login credentials or sensitive financial information, to manipulate targets into sending the attacker money or to convince a user to download malware. A spoofed website or email will typically use logos, or other types of accurate visual design to imitate the branding of a legitimate business. Because of this, users trust that their information is being sent to the right place and are prompted to enter financial details or other sensitive data.

Also related to domain spoofing, users should be on the lookout for attacks that work in similar ways, such as:

  • Email impersonation: the attacker sets up an email address that looks like a legitimate email address. For example This email address is being protected from spambots. You need JavaScript enabled to view it. – note the one instead of an l in the domain name.
  • Email spoofing: a technical process where the attacker modifies an email’s headers so the user receiving the email sees a false email address. For example, the sender’s email address is “This email address is being protected from spambots. You need JavaScript enabled to view it.,” but the recipient sees “This email address is being protected from spambots. You need JavaScript enabled to view it.” in their inbox.
  • Account takeover: the attacker gains access to another person’s account by hacking or using stolen credentials and uses it to send phishing emails.

What Is Domain Impersonation?

Domain spoofing specifically refers to a sender attempting to make it appear as though mail is being sent from the target domain whereas domain impersonation is the act of attackers attempting to impersonate the domain of a business. Impersonation utilizes social engineering tactics, making changes to a domain that are difficult to spot to trick users into making an error. Successful impersonation relies on the user’s carelessness, by either not checking or briefly glancing at the domain before engaging.

Guardian Digital engineers have found that 71% of email attacks consist of at least some form of domain impersonation, making it vital for companies to be prepared in the event of an attack. Domain impersonation is a common phishing technique that involves attackers creating “legitimate” looking email domains in order to impersonate specific companies, organizations, or individuals. This is done with the intention of tricking users into giving away personal or sensitive information, data, or money by posing as a trusted figure.

Three common forms of domain impersonation phishing attacks include:

  • Attackers impersonate a company executive to target an employee of the organization. 
  • A more sophisticated attack that targets senior executives is called whaling
  • Business Email Compromise (BEC), in which attackers impersonate a business to target employees, customers, or partners.

Types of Domain Spoofing and How They Work

As previously stated, email spoofing is when attackers send emails that appear to come from a familiar sender, such as a friend, business, or government agency. Two other types of domain spoofing include:

Website Spoofing

Attackers register a domain that is similar to a known or popular domain with the intention of creating a nearly identical site and sending spoofed emails to lure victims. Once a user has found their way onto the spoofed site, they may be offered malicious downloads or asked to provide their personal information. These websites can also be used to commit ad fraud once the threat actor submits the false domain to an ad exchange in order to trick advertisers into bidding for space on the spoofed site.

DNS Poisoning

DNS poisoning, also known as DNS spoofing, is a dangerous cyber attack in which hackers redirect web traffic toward fake web servers and phishing websites that typically look identical to the user’s intended destination. This makes it easy for hackers to manipulate visitors into compromising their sensitive information. 

An email spoofing attack may work like any spam, phishing, or spear-phishing attack, in which an attacker spams people at random or targets users in an industry or corporation with fake messages that contain malicious links or lure users to poisoned websites. The false websites are themselves examples of domain spoofing, so it’s not unusual to see email spoofing and domain spoofing used in tandem.

A domain spoofing attack may be part of a larger attack, such as a DDoS attack, in which attackers use spoofed IP addresses to flood a targeted website or server until its resources are exhausted and it slows down or crashes.

Best Practices for Preventing Domain Spoofing Attacks

  • Check the domain for extra letters or numbers: look for characters that are easily mistaken for others, such as lowercase L’s and capital I’s.
  • Check email header information: look in the “Received from” field and “Received-SPF” fields. If the domains displayed in these fields don’t match what you know about the supposed sender, the email is most likely spoofed. 
  • If the domain appears to be correct, check that other information matches: hover over hyperlinks to see if they lead where you expect. Make sure the name of the business is not a subdomain. The correct name should always appear right before the .com or other file extension.
  • Make sure there’s an SSL certificate: an SSL certificate is a text file that authenticates the identity of a website and encrypts information sent to the server.
  • Do not click links within the message or website: search for the site and click on the link in the search results.
  • Implement a proactive, layered supplementary email security solution: this solution should provide real-time protection against fileless malware and other sophisticated modern cyberattacks by creating a safeguarded environment around the user. Selecting a solution that is accompanied by managed services can simplify administration, enhance security and free up valuable IT resources.

Attackers Steal Millions in Cryptocurrency After Spoofing Site

In 2019, European law enforcement arrested a group of fraudsters for compromising the cryptocurrency wallets of at least 4,000 victims by setting up a website that impersonated Blockchain.com. The hackers used typosquatting, a type of social engineering attack which targets internet users who incorrectly type a URL into their web browser as opposed to using a search engine, which allowed them to capture the login credentials of cryptocurrency users and steal the funds in their wallets on the platform.

The South West Regional Cyber Crime Unit (SW RCCU) in the U.KA  announced that this method allowed the attackers to steal more than £22 million worth of cryptocurrency from victims in 12 different countries. Experts stated Google Adwords were used to promote links leading to the fraudulent site posing as Blockchain.com. Users can avoid falling for typosquatting attacks by confirming the domain name is the correct one or by typing in the URL themselves instead of following links from potentially malicious sources.

Keep Learning

Business owners and IT teams must be more responsible for their users and clients by paying attention to domain spoofing detection and prevention. It is easy to fall for domain spoofing, but you can help mitigate risks with attention and cyber awareness.

  • Prepare your business for cyberattacks to make sure employees stay safe online.
  • Improve your email security posture to protect against attacks and breaches by following best practices.
  • Keeping the integrity of your email safe requires securing the cloud with spam filtering and enterprise-grade anti-spam services.

Must Read Blog Posts

Latest Blog Articles