What is URL spoofing?

Protecting Yourself from URL Spoofing: Understanding the Risks and Defending Against Cyber Attacks

A spoofed URL is a fake link that has been made to look legitimate in order to trick you and steal your data. Sometimes, just clicking on a spoofed URL is enough to infect your device with malware. Other times, the website will be designed to look identical to the one you trust, so you'll have the confidence to enter sensitive information and credentials such as your email, password, or home address. However, your data will instead be sent directly to the hacker, who can then use it for financial gain and data and identity theft.

Spoofed domains need traffic in order to work. As such, they are usually distributed via phishing attacks, which are typical links sent by email or SMS to large numbers of people. The link will usually be accompanied by a message claiming that there's a great value deal or a discount to be had, in order to encourage you to click on the link.

Different Types of Common Domain Spoofing Attacks:

Malicious Hyperlinks

Malicious hyperlinks will commonly be linked to buttons or words within phishing emails or SMS messages. The cyberattacker’s aim here is to have users click on the link in order to get redirected to a malicious website, which can then install a virus or malware on their device. Malicious hyperlinks are common tools used within web spoofing attacks.

Misspelled Links

Hackers will design emails or SMS messages to look like they come from verifiable trusted sources or websites. Sometimes this is done very cleverly and is difficult to recognize. As a hypothetical example, a hacker could set out to imitate a user receiving an email from Apple, asking them to confirm their payment details. When the user displays the link URL, they could see a similar URL to apple.com, except it shows ‘appl3.com’ or ‘aaple.com’.

Non-Latin Characters

URLs with non-Latin characters are especially challenging to detect with the naked eye. Now that new scripts can be used to register domains, cybercriminals can use non-Latin characters to create spoofed URLs using accents, glyphs, etc. Although some letters look just like their Latin counterparts, the internet will recognize them as entirely different characters and will allow hackers to register a new domain. So users will enter a malicious site without realizing it, instead of a legitimate one. An example of spoofing with non-Latin characters was made public in 2017 by cybersecurity researcher Xudong Zheng.

URL Shorteners

Another URL spoofing method is using URL shorteners to masquerade as malicious links or fake domains. Short links are a great solution for social media sites that limit characters, for example, but threat actors can take advantage of these link shorteners as well. Because URL shorteners, such as bit.ly, hide the original URL, it’s easy for a cyberattacker to conduct website spoofing and domain phishing.

Extension Spoofing

Extension spoofing is the act of hiding the true nature of a malicious computer file with a specific technique. The cyber attacker is banking on the fact that the user will mistake it for a harmless text file when in reality it’s malware that can cause damage to their device. File extensions are usually hidden, so if a cyber attacker names an executable file as, for example, file.txt.exe, it will instead be shown as file.txt.

Notable Examples of Spoofing Attacks and Spoof Domains

There have been notorious spoofing attacks in recent history that have cost individuals and companies greatly:

In October of 2022, attackers were caught spoofing Google Translate with a phishing campaign that uses a common JavaScript coding technique to bypass email security scanners.

A credential-stealing attack that spoofed LinkedIn and targeted a national travel organization got past Google’s email security controls.

It was found in 2021 that two large phishing attacks spoofed emails from FedEx and DHL Express in an attempt to steal their targets’ business email credentials.

Instacart had to patch a bug in 2020 that would have let attackers spoof SMS messages containing malicious links to any mobile number.

Recent data has shown that email spoofing is the most popular method, with an astounding 3.1 billion spoofed emails sent every day.

How to Protect Yourself Against Spoofed Domains and Spoofed Websites

Consider the Source

Phishing attacks are a very common way of distributing email domain spoofing attacks. More often than not, if you receive an offer for something via email or SMS that feels too good to be true, it usually is. You can also keep an eye out for news about the latest scams and cyber attacks to stay up to date on what common threats are out there.

Bookmark Frequently Visited or Important Websites

Most web browsers today have bookmark functionality that allows users to save URLs as bookmarks. Bookmarking websites is a great way to avoid website spoofing as it ensures the correct URL you would like to visit is loaded each time. Take the time to save any data-sensitive websites, such as finance or education-related websites, as bookmarks.

Pay Close Attention to the URL

Whether it be misspelling links or hyperlinking malicious links into bodies of text, a cyberattacker’s aim is to get users to click on the link to get redirected to a malicious website which can then install a virus or malware on their device. Users can simply hover over hyperlinked text or right-click on the link to view its URL. If it doesn't appear legitimate, don’t click on it.

SSL Certificates

An SSL certificate is a text file that’s used to identify a website. The SSL certificate helps to encrypt incoming and outgoing traffic to the website. These SSL certificates are typically awarded to domains by external certificate authorities who make sure that the domain is legitimate. Most official domains will have SSL certificates these days, so they are a good indicator that a webpage can be trusted.

Don’t Respond to Spam Messages

Responding to spam emails or text messages can do you more harm than good. Spam messages are usually sent out to a wide number of people, and the attackers might not even know if an email or phone number is connected to a real person. By responding to their message, you are confirming that your details are correct and you will potentially receive more spam or malicious messages in the future.

URL spoofing FAQs

What is url spoofing?

Url spoofing is a type of cybersecurity attack where attackers use fake or altered URLs to trick users into thinking they are on a legitimate website. It can be used to steal sensitive information or spread malware.

How does url spoofing work?

Url spoofing works by using a fake or altered URL that looks similar to the legitimate URL of a website. This can be done through various methods such as phishing emails, social engineering, or using malicious software to redirect users to a fake website.

What can I do to protect myself from url spoofing?

To protect yourself from url spoofing, you can use antivirus software that can detect and block malicious websites. It is also important to be cautious when clicking on links in emails or on websites, and to verify the legitimacy of the website before entering any sensitive information.

What are some signs that a website may be a victim of url spoofing?

Some signs that a website may be a victim of url spoofing include the website appearing slightly different than usual, such as a different header or footer, or the URL being slightly altered from the legitimate URL. Other signs may include pop-ups or unexpected redirects. It is important to exit out of the website immediately if you suspect it may be a victim of url spoofing.