Election Security Spotlight – Spoofing
What it is
Spoofing occurs when cyber threat actors seek to disguise their true identity by falsifying the sender of the message in order to trick the recipient into believing the communication is from someone else. Cyber threat actors commonly spoof electronic communications from the targeted organization or a trusted partner in an attempt to illicitly extract information from a recipient, harvest user login credentials, commit fraud or deliver malware. In information security, there are two common spoofing techniques, which can be used individually or in combination.
- Email Spoofing – forges the header information or “from” line displayed in an email to mask the true identity of the sender. Emails using this technique often include messages, signature lines, and logos related to the spoofed entity. This is common in phishing and spear phishing emails.
- Telephone Number and Caller ID Spoofing – forges the telephone number or caller ID displayed on incoming telephone calls and text messages.
  - Example: (800) 555-1234 is spoofed to look like the EI-ISAC SOC caller ID 1 (866) 787-4722
Why does it matter
Spoofing increases the difficulty of identifying malicious activity in electronic communication because the true identity of the sender is only noticeable upon close inspection. This technique may result in haphazard handling of malicious electronic correspondence and lead to targeted entities accidentally divulging sensitive information, compromising their login credentials, or infecting systems with malware. Cyber threat actors routinely use spoofing techniques to mask their identity and increase the likelihood of a successful attack.
For example, spoofing is used to successfully fuel Business Email Compromise (BEC) scams. In these scams, cyber threat actors use spoofed email addresses to send emails that attempt to deceive recipients into sending money or personally identifiable information (PII), or that use an organization’s name to fraudulently obtain material goods. BEC scams are associated with significant data or financial loss among affected governments.
What can you do
Consider implementing a standardized protocol for handling suspicious emails that includes a reporting mechanism and a designated point of contact. In addition, training employees to recognize and avoid spoofing techniques is critical. Users should not rely on the sender’s listed name and email address to prove the identity of the sender. Instead, when replying with sensitive information or taking other actions based on a communication, make it a practice to verify the originator’s information through another method, like a phone call to confirm the request. Organizations may also want to consider implementing banners that mark external emails in the body of the email to encourage employees to review requests carefully and identify potential spoofing of internal staff.
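The external-email banner described above can be sketched as follows. This is an added example, not EI-ISAC code; the domain `county.example`, the staff names, the banner wording and the sample message are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "county.example"        # assumed organization mail domain
STAFF_NAMES = {"jane smith", "sam lee"}   # assumed internal staff directory
BANNER = ("[EXTERNAL] This message came from outside the organization. "
          "Verify any request through another method before acting.\n\n")

# Constructed sample: an internal staff name on a look-alike external address.
SAMPLE = """\
From: "Jane Smith" <jane.smith@county-example.test>
To: clerk@county.example
Subject: Urgent wire request

Please send the payment today.
"""

def assess(raw):
    """Mark external mail with a banner and flag internal-name impersonation."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # A missing or unparsable From address has no domain and counts as external.
    external = domain != INTERNAL_DOMAIN
    # The listed name matches internal staff, but the address is external.
    impersonation = external and display.strip().lower() in STAFF_NAMES
    body = msg.get_payload()
    if external:
        body = BANNER + body
    return {"address": addr, "external": external,
            "impersonation": impersonation, "body": body}

if __name__ == "__main__":
    result = assess(SAMPLE)
    print(result["address"], result["external"], result["impersonation"])
    print(result["body"])
```

The check reads only the displayed "from" line, so a message that forges the internal domain itself is treated as internal. It supports, and does not replace, verifying the request through another method.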
The EI-ISAC Cybersecurity Spotlight is a practical explanation of a common cybersecurity concept, event, or practice and its application to Elections Infrastructure security. It is intended to provide EI-ISAC members with a working understanding of common technical topics in the cybersecurity industry. If you would like to request a specific term or practice that may be of interest to the elections community, please contact [email protected].