By now, most of us are very familiar with the use of "spoofing" as it relates to robocalling and telemarketing. You know, the method by which unwanted callers change their call ID display to reflect a fake identity in hopes of getting you to answer. (No, that's not really The White House calling.) However, many are surprised to find out that this same type of thing can be done online as well. In their never-ending quest to bypass security measures and gain access to your personal data, cyber criminals are now able to cloak complete websites. Meaning, you could be connected to ABC Bank's website -- and actually be seeing ABC's website in your browser address bar -- but not be connected to the bank's actual website. How is this possible? Well, to understand that, you'll first need to understand DNS.
DNS stands for Domain Name System and is the translation of human-readable web addresses such as microvisionsinc.com into IP addresses such as 104.236.110.149.
As humans, we are used to identifying things by name rather than number. We refer to our buddy in accounting as Joe, rather than "6127" which is his phone extension. We can't type "Joe" into the phone, so we punch in 6127 which the phone understands and uses to connect us with Joe. And, if we don't know someone's extension, we can always just look it up on the company directory. Outside of work, if we need to call someone and don't know their number, we can use the phone book.
Think of DNS in the exact same way. On the Internet, we remember websites by their domain names; microvisionsinc.com, google.com, abcbank.com, etc. But just like the phone, our computers use a different language.. All devices that connect to the Internet use the "Internet language" called the Internet protocol(IP). Therefore, every location on the Internet is assigned a unique 12-digit IP address similar to a street address or a phone number. Microvisionsinc.com is located at the IP address 104.236.110.149. When we type a domain such as microvisionsinc.com into our web browser's address bar, it must then be translated to the associated IP address. This is done behind the scenes by a DNS server. Your computer contacts your current DNS server and asks what the IP address is for microvisionsinc. The DNS server returns the IP address of 104.236.110.149, and your computer is seamlessly connected to our site. This process takes place all over the world millions of times every day.
For most, the DNS servers used are those provided by their Internet Service Provider (ISP). Some viruses and malware, however, have the ability to change the DNS server that you use to one that is operated by a hacker or a malicious organization. This malicious DNS could then point sites to incorrect IP addresses run by cyber criminals. That means that you could think you're connected to your bank's legitimate site, but in fact be connected to a fake site set up to capture your login credentials and steal your money.
Protecting Yourself
To ensure that this doesn't happen to you, make sure you are always running a trustworthy anti-virus solution and keep it up to date. Also, be on the lookout for signs of illegitimate sites including obvious spelling errors, low quality graphics, and security certificate errors.
Additionally, you can take greater control of your web security by designating a credible DNS provider. As we mentioned earlier, most people and small businesses utilize their ISP's default DNS server. Unfortunately, your ISP's job is merely to make the connection for you. It doesn't measure the integrity of IP addresses, and it does not block your connection to harmful sites or content. Designating a trustworthy source to manage your DNS can keep you from ever visiting these malicious sites, thereby preventing damage and financial loss before it can occur.
Interested in learning more about the tools and tactics available to safeguard your company's Internet experience?
For additional tips and tech news delivered right to your inbox, SIGN UP FOR OUR NEWSLETTER.
