DNS spoofing (also called DNS cache poisoning) tricks your computer into visiting fake websites by intercepting or faking the responses from domain name system servers. When you type a web address, your device asks a DNS server 'what's the IP address for this domain?' An attacker can intercept that request or compromise the DNS server itself, sending back false IP addresses that point to malicious sites instead.
Why this matters: DNS spoofing is dangerous because users see the correct web address in their browser bar but are actually on a fake site. Attackers harvest login credentials, install malware, or steal financial information. You might think you're visiting your bank, but you're actually on a convincing fake.
How it happens: Attackers can poison DNS caches on routers, intercept unencrypted DNS queries, or compromise vulnerable DNS servers. Home wifi networks and public wifi are particularly vulnerable because their DNS traffic often travels unencrypted.
Common scenarios:
- Man-in-the-middle attacks on unsecured networks where attackers intercept DNS requests
- Compromised DNS servers returning fraudulent responses to thousands of users
- Malware on your device that modifies your local DNS settings
- Router hijacking where attackers change the DNS server your device uses
What you can do: Use DNS services that support encryption like DNS over HTTPS (DoH) or DNS over TLS (DoT). These prevent attackers on the network between your device and the DNS server from seeing or modifying your DNS requests. Check your router's DNS settings regularly and change default passwords. Use a virtual private network (VPN) on public wifi. Keep your device and router firmware updated, as patches close known vulnerabilities.
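One way to automate the "check your DNS settings" step on a device, as an added example that is not part of the original page: it parses resolver settings in Linux `resolv.conf` format and flags any DNS server you did not choose, which is the trace left by malware or router hijacking that swaps the resolver. The allowlist, the function names and the sample text are assumptions made for illustration.

```python
import ipaddress

# Assumption: resolvers you chose on purpose (Cloudflare, Quad9); use your own.
EXPECTED_RESOLVERS = {"1.1.1.1", "1.0.0.1", "9.9.9.9"}
# Home/office LAN ranges, where the address is normally the router itself.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
# Constructed sample in resolv.conf format; 203.0.113.66 is a documentation address.
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 127.0.0.53
nameserver 192.168.1.1
nameserver 1.1.1.1
nameserver 203.0.113.66
search home.lan
"""

def parse_nameservers(text):
    """Return the nameserver entries from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def audit_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Return (server, category, needs_review) for each configured resolver."""
    findings = []
    for server in parse_nameservers(text):
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            findings.append((server, "invalid", True))
            continue
        if server in expected:
            findings.append((server, "expected", False))
        elif ip.is_loopback:
            # Local stub resolver: its upstream setting needs its own check.
            findings.append((server, "local-stub", False))
        elif any(ip in net for net in LAN_NETS):
            # Router answers DNS: the router's upstream is what hijacking changes.
            findings.append((server, "router", False))
        else:
            findings.append((server, "unexpected-public", True))
    return findings

if __name__ == "__main__":
    print(*audit_resolvers(SAMPLE_RESOLV_CONF), sep="\n")
```

On a Linux machine, pass the contents of `/etc/resolv.conf` instead of the sample. A `router` result only moves the question one hop: the upstream DNS server set in the router's admin page still has to be checked by hand.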
