It’s not a threat that everyone has heard of, like phishing or a computer virus, but IP spoofing is a rapidly accelerating problem. In the online gaming and gambling industries, IP spoofing attacks have increased by 257% year-on-year, making them both the fastest growing and the most prevalent cyber attack type in that area. They’re also a common choice of attack in mobile banking fraud.
But what does IP spoofing actually involve, and are there ways to stop it from happening to you? There are a few main types of cyber attack that can be carried out using spoof IP addresses, so let’s take a look at the nature of IP spoofs, what they are and how to avoid them.
Why fake an IP address?
IP spoofing is sometimes referred to as IP address forgery, and at its essence, is a process whereby attackers hide their true IP address and impersonate other computer systems.
This isn’t as low-key as simply using an alternate IP address to watch international Netflix, or to access blocked social media sites while you’re at work. Cyber criminals can use spoofed IPs to carry out multiple activities, with the results ranging from monetary theft to shutting down whole computer networks.
During IP spoofing, a hacker uses tools to modify the address that data appears to be sent from. This makes the receiving computer think it is from a trusted source – rather than a malicious third party. Because attacks are carried out under stolen and impersonated IPs, which would otherwise show which device and location the attack had come from, catching the culprits can be almost impossible.
Online gaming and gambling are areas that have become key targets because of the constant flow of money being transferred as part of the process. Using spoofed IPs, attackers can intervene with anything from simply editing payment account details to full identity theft.
Man-in-The-Middle (MiTM) attacks
MiTM attacks are starting to gain notoriety, in part because they’re the attack of choice for hackers looking to commit mobile banking fraud. These are a prime example of IP spoofing, whereby a malicious third party intervenes in the transfer of data between two computers and impersonates either end of the exchange.
Some MiTM attacks are as simple as a hacker intercepting an email and editing its content before sending it on its way, cloaked in the IP of the original sender. In conveyancing fraud, for example, a hacker typically intercepts messages sent by solicitors to their clients – amending payment details for the transfer of funds, before allowing the email to continue on its original path.
When money changes hands online, MiTM attacks can mean the difference between your payment arriving safely at its destination, or being instantly stolen without a trace. For the millions of people around the world placing online bets and hoping to rake in the winnings, payments in either direction can simply disappear.
Distributed Denial of Service (DDoS) attacks
DDoS attacks are probably the best-known type of IP spoofing event, and while they aren’t usually designed to steal money, their financial impact can still be huge.
A Distributed Denial of Service attack works by flooding attacked systems with traffic requests – it’s often something carried out to distract from other criminal activity, like data theft or network infiltration. But DDoS attacks have crashed servers everywhere from independent websites to the Bank of America, and because of IP spoofing, they’re incredibly difficult to stop.
Victims of DDoS attacks will have servers taken down by thousands of IP addresses all trying to access their site simultaneously, overwhelming systems to the point that they crash. Ordinarily, you would block the IP address of any malicious party trying to deliberately damage your network – but when hundreds and thousands of IP addresses are simply being impersonated, and can easily be replaced with additional spoof IPs, attempts to stop or trace the attack can become futile.
DDoS attacks are generally aimed at companies rather than individuals, but that’s not to say that your personal IP address couldn’t wind up being spoofed and involved in the crime.
Bypassing authentication
Many workplaces will only allow access to certain files and data to people on particular IP addresses – for example, those requesting access through the office’s secure WiFi network. Home workers who have tried to access IP-locked files and systems from home will be well aware of this security detail, and may see another way in which IP spoofing can be used for malicious activities.
Figuring out the IP address of a particular organisation’s WiFi routers isn’t as difficult as you might expect, and if a third party spoofs an IP that has permission to access sensitive data, it’s no effort at all to do just that. Worse still, attempts to trace the user who has stolen, removed or damaged data will be hindered by the recurring problem: with no legitimate IP address to trace, it’s just about impossible to find out who did it.
While this is most commonly an issue in corporate networks, bear in mind that it can affect home networks too. If you’ve set up network sharing between your devices and a hacker spoofs the IP of one such device, they’ll gain access to anything you were intending to keep within family reach.
Protection against IP forgery
If you’re worried about people spoofing your IP, whether in a professional or personal context, there are steps you can take to stay protected.
Installing a Virtual Private Network (VPN) app across your devices is a good place to start, as it will mask your IP and allow you to browse the internet anonymously. In instances such as Man-in-The-Middle attacks, they also add a layer of end-to-end encryption which means that even if an attacker does intercept your connection, they won’t be able to decipher or alter anything you’re sending and receiving. This, in addition to the fact they can’t spoof your real IP, is a serious security bonus.
If you’re using a VPN for the first time and want to be sure that your IP is hidden, use a tool like HMA!’s IP address checker to see whether your IP changes after the VPN connection is activated.
Setting up two-factor authentication (2FA) is also a good idea, whether it’s on your personal devices and home network or at your workplace. That way, if someone attempts to access something they shouldn’t using a fraudulent IP address, they’ll be stopped by the need for additional security details before they can proceed.
Good VPNs can cost very little, and 2FA can be enabled free of charge on most devices, email clients and other online services. IP spoofing may be on the rise, but by taking a few precautions there’s no reason to become a victim.