Spoofing

Spoofing refers to a malicious action consisting in usurping all or part of the identity of a natural or legal person, in order to obtain an illegitimate advantage.

Spoofing can constitute an offence of identity theft under the French Penal Code.

It generally consists in the usurpation of an address or a number: IP address, MAC address, e-mail address, telephone number, geographical coordinates…

DNS servers can also be spoofed by corrupting certain information, allowing the perpetrator to redirect Internet users to a third-party website or to intercept e-mail communications associated with the domain name concerned.

Spoofing can be used in phishing operations or other forms of scams, including “president scams”.

In its least complex form, spoofing can be the use of cybersquatted or typosquatted domain names.

In its most complex forms, spoofing can be used to prepare for larger-scale computer attacks, including :

• Intercept communications between multiple people;
• Infecting systems;
• Engage in denial of service attacks.

If spoofing is generally part of illegal actions and punishable by law, it can also be constituted by the simple use of a VPN allowing the Internet user to usurp geolocation information and thus access services that would not be accessible from his real location.

The development of technologies allows spoofing to be extended to new means, such as the usurpation of the voice, but also of the image of people, within the framework of the deepfake or hypertrucage technology.

Update on criminal sanctions

“The fact of usurping the identity of a third party or of using one or more data of any kind allowing to identify him in order to disturb his peace or that of others, or to harm his honor or his consideration, is punishable by one year of imprisonment and a fine of 15 000 €.

This offence is punishable by the same penalties when committed on an online public communication network.

When committed by the victim’s spouse or partner or by the partner bound to the victim by a civil solidarity pact, these acts are punishable by two years’ imprisonment and a fine of 30,000 euros.”

Article 226-4-1 of the french Penal Code

Case law focus

The “Autorité de régulation des communications électroniques et des postes” (French regulatory authority for electronic communications and postal services) was able to point out that :

“The possibility of displaying a number distinct from that of the calling station can also be used to prevent the subscriber from recognizing a number, which he would associate with unwanted calls, and not picking up. It has been observed that too many operators who carry out commercial telephone canvassing, either on their own account or on a subcontracting basis, display spoofed numbers, i.e. numbers that have not been assigned to them by an operator. These numbers may or may not be assigned to a subscriber. They can be determined randomly, via certain applications or software. This practice is called “spoofing”. This illegal practice makes it particularly difficult to identify companies that do not intend to respect the choice made by subscribers via the Bloctel list – or issuers of fraudulent calls inciting to call a premium rate number.”

ARCEP, July 11, 2019, No. 19-0954

The Bouchara firm assists you in particular in :

• Detection of spoofing acts;
• Judicial and extra-judicial proceedings relating to domain names (SYRELI, UDRPcnDRP, ukDRP…);
• The strategization of ;
• Domain name registration
• Negotiating and buying back domain names registered in confidence;
• The implementation of backorders.