What is IP Address Spoofing?
IP address spoofing is the process of making IP packets to hide the true identity of an email or file sender. Even if it has some legitimate purpose, spoofing is considered unethical. Because it often uses to harvest the personal information like: account and financial information, without the permission of the owner.
Normally, all data transfer across the Internet, will have sender and receiver’s IP address. It is similar to postal mail where there is deliver address and return address. In the case of spoofing, the IP address of sender is substituted with a fake or spoofed address, this makes it difficult to trace the source (or sender) address where is the data is sending from.
One example of IP address spoofing is the using of email to send out and makes it appear to be from some companies (such banks, Credit Card companies) or organizations that recipient knows and trusts. But, actually, it is from the unknown source.
Then in the spoofed email, they tell that: 1) the recipient’s account with the company has problem, and 2) they provide a link in that email to open a web page. Upon clicking on the link, it will bring the recipient to a fake page (but it appears to be official page), and they ask the recipient to enter username, password, and other personal information.
By using spoofing, the originator of the spoofing email can collect data and other login information. They might break into using the email account of recipient or other personal information such bank account or Credit Card for their purpose. The spoofed victim usually does not realize until their bank account is drained or unauthorized credit card charge appeared.
Most companies such banks or Credit Card companies, warned their clients not to open email and click on the link to do any form of business. In case, these companies send out legitimate email to clients, they recommend their client to open a new web browser and enter business web site directly. This way will effectively by-pass the IP spoofing scheme and avoid falling victim by revealing personal information to unknown source.