DNS Spoofing: What To Look For
Nancy Patterson - August 13, 2020
Let’s set the scene – you’ve had a pretty long week. It’s Friday, but seeing as how the yard still needs to be done this weekend, it’s not as if you have a break ahead of you. You manage to pull yourself out of bed, grab a cup of coffee and sit down in front of your computer to check your email (because all of us have tons of people sending us tons of email every night while we are asleep, but we are creatures of habit after all). Looks like your bank has sent you an email with a pretty troubling subject line that indicates there might be something wrong with your checking account.
The bad news is, you are just not as guarded right now as you typically would be had you seen this with fresh eyes. Worse, this email isn’t from your bank at all. The link you clicked may look very legitimate and the site looks very real, but the information they had you enter is now in the hands of thieves who will undoubtedly use it for their own evil purposes. Also referred to as DNS cache poisoning, this type of cyber-attack is particularly troublesome for those of us who are not vigilant.
DNS Spoofing / DNS Cache Poisoning
Alright, so what is DNS? DNS stands for Domain Name Server. This is what the servers use to route you to the correct IP address of your website. For instance, when you type in www.CheckPeople.com, it takes you to the correct IP address so you can access the relevant website without having to memorize a whole string of numbers in order to dial up the content you are looking for.
DNS spoofing happens when a person with ill intent is able to get false information put into the DNS cache (a temporary database that stores information), so you are then redirected to the thief’s servers instead. Once they get a DNS server to store the wrong information, the rest is easy. They just need to emulate the website in question on their own server and, boom, you’ll never know the difference.
These sites will get your guard down and ask you to fill out a number of forms with your personal data. Once you do, it cannot be undone: the thieves now have your information. Figuring out where or when someone got your data with these techniques is almost impossible, as you likely didn’t even register the visit as abnormal.
To make things worse, they can even attempt to install malware on your machine once you have visited their website.
How Can I Protect Myself?
Well, to be perfectly honest, there really isn’t much you CAN do when it comes to preventing DNS spoofing attacks as a typical website visitor. It really is up to the owner of each website to stay vigilant and ensure their information is correct and pointing to the right place.
There are, however, a few things that you can do to get proactive against these kinds of attacks. There is a browser plugin called ‘HTTPS Everywhere’ that will warn you when you are on a site that has been flagged. Another good way to ensure everything is legitimate is to make sure the lock icon next to the URL is locked and the data matches the site. This isn’t foolproof, but it can often be a good signal.
Always making sure you know what links you are clicking on and where they take you will help to ensure your safety as well. If Chase Bank contacts you and they want you to connect to chase123.com instead of their normal chase.com, then you are likely looking at a scammer’s email. If something seems a little off, nobody will fault you for giving the bank a call directly. If they really need something from you, they aren’t going to tell you to get off the phone and back to that email. Talking to a human being can be a lot more comforting.
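The chase123.com versus chase.com check described above can be written down as a few rules. The following is an added example, not part of the original article: the function name check_link and the sample links are constructed for illustration. It only catches lookalike links; it cannot detect a poisoned DNS cache, where the correct name leads to the wrong server and the lock icon is the signal to watch.

```python
from urllib.parse import urlsplit

def check_link(url, expected_domain):
    """Return reasons to distrust `url`; an empty list means none were found."""
    expected = expected_domain.rstrip(".").lower()
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ["link could not be parsed"]
    reasons = []
    if parts.scheme != "https":
        reasons.append("not an https link")
    if parts.username is not None:
        # In chase.com@chase123.com the part before '@' is a login name,
        # and the browser actually connects to chase123.com.
        reasons.append("text before '@' is not the site name")
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        reasons.append("host uses non-ASCII or punycode lookalike characters")
    # Match on whole labels: chase.com.account-check.example ends in
    # ".example", so it is not a subdomain of chase.com.
    if host != expected and not host.endswith("." + expected):
        reasons.append(f"host '{host}' is not {expected} or a subdomain of it")
    return reasons

# Constructed sample links, checked against the bank's normal domain.
SAMPLE_LINKS = [
    "https://www.chase.com/",
    "https://chase123.com/login",
    "https://chase.com@chase123.com/login",
    "https://chase.com.account-check.example/verify",
    "http://www.chase.com/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        found = check_link(link, "chase.com")
        print(link, "->", "; ".join(found) if found else "no warning signs")
```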
Knowing what to look for is key to avoiding being taken advantage of. Identity theft is a very real and very prosperous industry. They don’t need your money, so let’s keep it with you.