DMARC

Domain-based Message Authentication Reporting and Conformance

Domain-based Message Authentication Reporting and Conformance (DMARC): An
email validation system that detects and prevents email spoofing.

What Does Referrer Mean?

A referrer is URL data from an HTTP header field identifying the Web link used to direct
users to a Web page. Referrers are used in statistical Web analysis and often
integrated with marketing strategies and security methodologies.

Techopedia Explains Referrer

A referrer is commonly used to combat cross-site request forgery (falsificación)

(CSRF), which is unauthorized or malicious activity from a trusted website user. The
ease of disabling or forging referrers weakens security mechanisms.
Some Web browsers, proxies and firewall software allow user referrer disabling. On the
flipside, published referrer links allow bloggers to attract readers, enhance
communication and expand blogging communities. However, this practice can lead to
increased referrer spam.
Most Web servers log all traffic, including referrer information, increasing privacy
concerns. Thus, some Web servers are barred from receiving referrer information.
Referrer data is often blanked out by Internet security applications.
When the refresh command is used, most Web browsers do not send referrer data.
The World Wide Web Consortium (W3C) discourages this practice.

The referrer problem

The Referer (sic) header contains the address of a request (for example, the address
of the previous web page from which a link to the currently requested page was
followed, or the address of a page loading an image or other resource). This has many
fairly innocent uses, including analytics, logging, or optimized caching. However, there
are more problematic uses such as tracking or stealing information, or even just side
effects such as inadvertently leaking sensitive information.
For example, consider a "reset password" page with a social media link in a footer. If
the link was followed, depending on how information was shared the social media site
may receive the reset password URL and may still be able to use the shared
information, potentially compromising a user's security.
By the same logic, an image from a third party site embedded in your page could result
in sensitive information being leaked to the third party. Even if security is not
compromised, the information may not be something the user wants shared.

Spoofing Definition
Spoofing is a technique through which a cybercriminal disguises themselves
as a known or trusted source. Spoofing can take many forms, such as
spoofed emails, IP spoofing, DNS Spoofing, GPS spoofing, website
spoofing, and spoofed calls.

In so doing, the adversary is able to engage with the target and access their
systems or devices with the ultimate goal of stealing information, extorting
money or installing malware or other harmful software on the device.
How does Spoofing Work?
Spoofing techniques vary based on the type of attack. For example, in email
spoofing, the adversary can hack an unsecured mail server in order to hide
their true identity. In a MitM attack, an adversary can create a Wi-Fi access
point in order to intercept any web activity and gather personal information.
There are also relatively simple or non-technical spoofing techniques, such
as altering the “From” field in an email address.

It is fairly common for attackers to spoof multiple points of contact, such as

an email address and website, in order to initiate the communication and
carry out the actual attack. For example, cybercriminals may spoof an email
address in order to engage a potential victim and then use a spoofed
website to capture the user’s login credentials or other information.
Familiarizing yourself with the different types of spoofing attacks is critical in
understanding how spoofing works.

Types of Spoofing Attacks

Spoofing attacks take many forms, from the relatively simple to advanced.
Common types of spoofing attacks include:

Email Spoofing

One of the most common types of spoofing attacks is email spoofing. This
occurs when an attacker purports to be a known, familiar or plausible
contact by either altering the “From” field to match a trusted contact or
mimicking the name and email address of a known contact. For example, a
spoofed email address may use a zero (0) in place of the letter O, or
substitute an uppercase I for a lower-case L. This is called a homograph
attack or visual spoofing.

In most email spoofing attacks, the message contains links to malicious

websites or infected attachments. The attacker may also use social
engineering techniques to convince the recipient to divulge personal data or
other sensitive information.

Caller ID Spoofing

Similar to email spoofing, caller ID spoofing disguises an adversary’s actual

phone number with one that is familiar. If the recipient answers the phone,
attackers typically pose as a customer support agent to gather personal
information, such as:

 Social security number

 Date of birth
 Banking details
 Passwords
Some advanced telephone spoofing attacks can reroute the call to an
international or long-distance carrier, causing the victim to rack up extensive
bills.

Website or Domain Spoofing

Domain spoofing is when an attacker creates a website that mimics an

existing site – often by slightly changing domain names. The goal of these
attacks is to have users attempt to log into their account, at which point the
attacker can record their account credentials or other personal information.
The attackers can then use the credentials on a trusted website or sell the
information. Website spoof attacks are usually triggered by an email spoof—
meaning that the attacker first reaches out using a fictitious email account
and drives traffic to the spoofed website.

IP Spoofing

Attackers can alter their IP address in order to hide their real identity or
impersonate another user. This technique is commonly used by advanced
adversaries in a DoS attack. Using this technique, attackers alter their IP
address in order to flood the victim’s site with traffic, limiting access for
authentic users. Learn more about DoS attacks.

Address Resolution Protocol (ARP) Spoofing

Address Resolution Protocol (ARP) is the process of matching IP addresses

to Media Access Control (MAC) addresses in order to transmit data. In
an ARP spoofing attack , the adversary links their MAC to a legitimate
network IP address so the attacker can receive data meant for the owner of
that IP address. ARP spoofing is commonly used to steal or modify data.
However, it can also be used in DoS and man-in-the-middle (MitM) attacks
or in session hijacking.

GPS spoofing

GPS spoofing is the act of altering a device’s GPS so that it registers in a

location different from the user’s physical location. While this technique is
mostly used by players of online games, such as Pokémon GO, it has far
more sinister implications. For example, GPS spoofing can be used to
redirect navigation systems in vehicles of all kinds, including passenger
cars, commercial airplanes, naval vessels, public busses and everything in
between.

Man-in-the-middle (MitM) attack

A man-in-the-middle (MITM) attack is a type of cyberattack in which a third

party infiltrates a conversation between a network user and a web
application. The goal of this attack is to surreptitiously collect information,
such as personal data, passwords or banking details, and/or to impersonate
one party in order to solicit additional information or spur action, such as
 changing login credentials, completing a transaction or initiating a transfer of
funds. This type of attack often includes either email spoofing, website
spoofing or both in order to trigger activity and carry out the transfer of data.

Facial spoofing

One emerging spoofing technique is related to facial recognition. Since

many people now use such technology to unlock their phones or apps,
cybercriminals are exploring how to exploit potential vulnerabilities. For
example, researchers have demonstrated that it is possible to use 3D facial
models built from pictures available on social media to unlock the user’s
device via face ID. Further implications for this technology include simulating
embarrassing or even criminal video footage of high-profile individuals, such
as celebrities, politicians and business leaders in order to extort money.

Fishing

Clone phishing, like conventional phishing, relies on email to compromise

unsuspecting users. The definition of clone phishing lies in its name — a clone
phishing attack will literally clone an email from a trusted or authoritative source
(usually by intercepting a real email before it reaches the intended recipient)
and then insert a link to malware or request for sensitive information.
Here, we explore exactly what clone phishing is, how it works, and provide
some tips to help you avoid falling prey to this sophisticated hacking technique.
What is Clone Phishing?
Clone phishing is an attempt to use email to gather sensitive information or
compromise a user or device. Frequently, phishing attacks lead to ransomware,
sniffers, or trojans, software that either steals information or holds it for ransom.
For the most unsuspecting users, clone phishing emails may even request
information be given in reply to the cloned email.
Clone phishing attacks differ from conventional phishing attacks. Instead of
writing an email from scratch and trying to emulate an authentic tone, style, or
format, a cyberattacker intercepts a real email before the recipient receives it,
then alters it to include malicious elements such as malware and links to fake
websites in an attempt to elicit information.
Like standard phishing, clone phishing emails are sent to large numbers of
recipients in the hope that just one or two victims fall for the scam.
Cyberattackers monitor the fake emails, and once a victim has clicked, forward
the same forged email to the contacts from the victim's inbox.
How Does Clone Phishing Work?
Clone phishing is the next evolution of spear phishing, where a fake email
includes enough legitimate details to fool the recipient into believing the email
was genuine. Naturally, clone phishing also consists of some of these elements:

 A spoofed email address that resembles a legitimate source.

 An existing attachment or link replaced by a malicious version.
 An updated version of an email you have previously received.
 The Dangers of Clone Phishing and Why It's
Important to Be Aware
Clone phishing attacks are dangerous for both businesses and individuals alike,
as they have the potential to harvest extremely sensitive data that can be used
to steal identities or infect entire networks. This can be costly, with credit card
fraud affecting individuals, or multimillion-dollar lawsuits involving large
organizations.
It's imperative to be aware of clone phishing in your daily cybersecurity habits,
as one slip-up could cause a lot of damage. However, there are plenty of signs
to help you stay ahead of attacks and keep you safe from clone phishing
emails.
Signs of a Clone Phishing Attack
The signs of a clone phishing attack are generally more subtle than those of
standard phishing attacks. That's because cyberattackers have worked hard to
make the emails appear more authentic. Just like traditional phishing, you
should be looking for the following:

 Incorrect salutations
 Poor spelling and grammar
 Pixelated images
 Long and strange links
 Promises that are too good to be true
 Time-sensitive subject lines that demand action
 Virus or corruption warmings
 Unfamiliar email addresses that are overly long

How to Prevent Clone Phishing Attacks

Preventing clone phishing attacks first means understanding the definition of
clone phishing — in other words, the fake email will probably look almost
indistinguishable from the real version. Once you are aware of this, you can
take several security steps to double-check that the email you have received is
legitimate and not cloned. These include:

 Double check the sender's address — often, the address may include strings of
numbers and letters that look suspicious.
 Never click on an included link until you have verified the source. You can do
this by hovering over the link to see the URL.
 If an email seems suspicious, follow up with the organization or individual in a
separate email to check its authenticity.
 Always safeguard your credentials and do not give them away quickly or without
first checking they are going to the correct recipient.
 Look for errors that may lead you to believe they are not 100% legitimate.
Cloned emails may do a good job of emulating real emails, but mistakes do
creep in.
 If you need to submit information, always ensure that the websites use the
HTTPS prefix to the URL.
 Conduct regular security training on the dangers of clone phishing attacks and
examples of how they may appear in an individual's inbox.

Tips to Protect Your Business from Clone Phishing

Attacks
Protecting your business from clone phishing attacks should form part of your
general cybersecurity program. As previously mentioned, regular training,
awareness, and education surrounding clone phishing should be given by
trained professionals from within or outside your company. Additionally, there
are some tips you can follow to help protect your business from clone phishing
attacks.

 Always use email encryption when sending the most sensitive information.
 Always scan attachments using antivirus software for malicious code or viruses.
 Verify shared links with other staff members to ensure they are the same and
do not lead to malicious websites.
 Take note of SSL Certificate Errors. Most cyberattackers won't bother to get
proper certificates as they're aware that individuals will not check.
 Be wary of browser plugins, as some cyberattackers can mimic these detection
pages to steal data when they log in.
 Generic error messages instead of custom messages from the website may
indicate that the website is illegitimate.
 Pop-up errors can potentially be employed to extract information from the user if
you haven't checked the address bar for suspicious activity first.

The Bottom Line: Clone Phishing

Clone phishing is the natural evolution of phishing, through spear phishing, with
each iteration of this type of cybersecurity threat becoming more sophisticated
in its attempts to gather sensitive data or access websites and networks. It's
important to stay up to date with the latest types of phishing threats, as it is
likely that they will continue to evolve and become more sophisticated.