DNS spoofing

A type of cyberattack that redirects or manipulates the DNS system in order to send users to fake or malicious websites, or to intercept communication and steal data.

 


 

What is DNS spoofing?

DNS spoofing, also known as DNS cache poisoning, is a type of cyberattack in which an attacker manipulates the Domain Name System (DNS) so that users are redirected to fake or malicious websites. Instead of loading the real site (e.g., www.bankazk.cz), the user unknowingly lands on a clone controlled by the attacker. The fake site may look identical to the real one but is designed to steal credentials, inject malware, or capture sensitive data.

 

How DNS spoofing appears in practice


  • An employee types in the address of the company e-shop but is secretly redirected to a fraudulent look-alike.
  • A user logs in to their corporate email—on a spoofed login page—and gives away credentials.
  • Customers are tricked into submitting personal data or credit card numbers on a cloned website.
  • Internal network traffic is intercepted and redirected by an attacker to exfiltrate data or deliver malware.

 

DNS spoofing is especially dangerous because it often leaves no visible signs. The domain name looks right. The page feels familiar. But the danger lies beneath the surface.

 

DNS spoofing and related terms

  • DNS Spoofing: Attacker forges DNS responses to redirect users to false IP addresses.
  • Phishing: Users are tricked—typically via email—into clicking malicious links.
  • Man-in-the-Middle (MitM): Attacker secretly intercepts or alters communication between two parties.

 

DNS spoofing is a network-level attack, typically invisible to the user and requiring no action on their part. It’s often used as a gateway to more complex attacks like phishing or malware delivery.

 

How to protect your business from DNS spoofing

Recommended steps:

  1. Enable DNSSEC (Domain Name System Security Extensions) – ensures DNS responses are validated.
  2. Monitor DNS traffic – detect unusual patterns or suspicious redirections.
  3. Secure and update DNS servers – apply patches, limit access, and monitor changes.
  4. Educate employees – teach them how to recognize spoofed sites and verify SSL/TLS certificates.
  5. Use threat intelligence tools – detect domain abuse and manipulation early.
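
The following Python example, added here and not part of the original page, applies step 2 to resolver logs: it flags watched names that were answered with an address outside an expected baseline and records which clients received that answer. The log line format, the domain names, and the baseline networks are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Hypothetical baseline: networks each watched name is expected to resolve into.
# Addresses use documentation ranges (RFC 5737), not real infrastructure.
BASELINE = {
    "shop.example.com": ["192.0.2.0/24"],
    "mail.example.com": ["198.51.100.0/25"],
}

# Constructed resolver log lines: "<timestamp> <client> <qname> <qtype> <answer>"
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.15 shop.example.com A 192.0.2.10
2024-05-01T09:00:04Z 10.0.0.22 mail.example.com A 198.51.100.7
2024-05-01T09:02:10Z 10.0.0.15 shop.example.com A 203.0.113.66
2024-05-01T09:02:11Z 10.0.0.31 SHOP.example.com. A 203.0.113.66
2024-05-01T09:03:00Z 10.0.0.22 news.example.org A 203.0.113.9
2024-05-01T09:03:30Z 10.0.0.22 mail.example.com A not-an-ip
"""

def find_suspicious_answers(log_text, baseline):
    """Return alerts for watched names answered with an address outside the baseline."""
    nets = {name: [ipaddress.ip_network(n) for n in cidrs]
            for name, cidrs in baseline.items()}
    alerts = defaultdict(lambda: {"clients": set(), "first_seen": None})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[3] not in ("A", "AAAA"):
            continue  # skip malformed lines and other record types
        ts, client, qname, _qtype, answer = fields
        name = qname.rstrip(".").lower()  # DNS names are case-insensitive
        if name not in nets:
            continue  # not a watched name
        try:
            addr = ipaddress.ip_address(answer)
        except ValueError:
            continue  # answer field is not an IP address
        if any(addr in net for net in nets[name]):
            continue  # answer matches the baseline
        entry = alerts[(name, str(addr))]
        entry["clients"].add(client)
        entry["first_seen"] = entry["first_seen"] or ts
    return {key: {"clients": sorted(v["clients"]), "first_seen": v["first_seen"]}
            for key, v in alerts.items()}

if __name__ == "__main__":
    for (name, addr), info in find_suspicious_answers(SAMPLE_LOG, BASELINE).items():
        print(f"ALERT {name} -> {addr} first seen {info['first_seen']} clients {info['clients']}")
```

An alert from this check is a lead to investigate, since legitimate hosting or CDN changes also move a name outside its baseline.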

 

Businesses often assume DNS “just works” and overlook it in their security posture. That makes it a soft target. Even small firms can be exploited as part of a larger attack chain. Prevention is cheaper than losing credentials, money, or customer trust.