What is DNS Spoofing? How You Can Avoid It

Michelle Wilson - September 2, 2020

Domain Name Server (DNS) spoofing (a.k.a. DNS cache poisoning) is an attack in which altered DNS records are used to redirect online traffic to a fraudulent website that resembles its intended destination.

A common example of this attack is receiving an e-mail from what SEEMS like it’s your bank. The e-mail says if you don’t login immediately, or update your password, something bad will happen to your account. This prompts you to click a malicious link and enter your information. This gives the perpetrator the opportunity to steal your credentials and your other information. That same type of website can also be used to install keyloggers or viruses on your computer, giving the thief access to everything that you do.

What is DNS Spoofing?

DNS cache poisoning/spoofing is a cyber-attack that tricks your computer into thinking it’s going to the correct address, but it’s not. Attackers use DNS cache poisoning to hijack internet traffic and steal user credentials or personal data. DNS spoofing happens when fake data is introduced into the DNS resolver’s cache, which in turn causes the server to return an incorrect IP address.

The DNS resolver answers with the IP address, which is taken from the web server, and thus the website is loaded in more simple terms, these types of attacks exploit weak points in domain name servers and redirect traffic towards illegitimate websites. The thief tries to choose sites that they believe the victim is more likely to log into. These can include sites of banking and financial institutions, insurance providers, health-related organizations, and government, as well as restricted sites.

DNS cache poisoning attacks are sneaky and difficult to catch for average people. If an attack like this is successful, it can have dire consequences to its victims. They can direct you to a website that looks exactly like your bank site, and then get your personal information that way. With that information they can take all of your funds or open up brand new accounts using your information.

How can You Avoid Being a Victim?

Detecting whether your DNS server has been tampered with or you’ve been infected with DNS changer malware can be difficult. The majority of us don’t usually check our DNS settings, and its very possible that only a few of them have been affected, so you won’t see any major changes in your computer. Plus, it’s actually the responsibility of the website and network owners to prevent these types of attacks.

However, don’t think all hope is lost. There are a few things that you can do to protect yourself ad an individual from DNS spoofing.

1. Always make sure the website you are going to is HTTPS, which means it’s secure. You can even install a browser plugin like HTTPS Everywhere that will warn you if you are going to a dangerous site. You can also check that a site is secure by looking for the little lock icon at the top left side of your browser, right by the URL
2. Remain aware of what links you are clicking on links from emails or ads. When I get a phishing or suspicious email, I’ll actually open up another tab and go directly to the site itself to see if I have any messages. You can also hover over the link with your mouse BEFORE clicking on it, to see what the URL is. If it pops up as something other than the site you always use, don’t click it!
3. You can use a reserve email search service to see if this is a legit company.
4. Use your common sense. If you get an e-mail from an institution you have no affiliation with, you know it’s fake. Common institutions will NEVER ask for your personal information through email or the phone. All government agencies and financial companies will most likely contact you by paper mail.
5. Call and ask! This is the easiest way to tell if the email is a scam. Call the direct number to your bank or governmental institution and speak to someone and ask if there is any suspicious activity on your account. They should be able to assure you that everything is okay and may even ask for the email address the scam email came from to add to their watch list.