What is Spoofing?
Basically, a scammer duplicates legitimate contact information. Then they use it to impersonate the actual owner, with the hopes of establishing trust and getting people to respond as desired.
There are a variety of things that can be vulnerable to spoofing. The following types are the most common:
With email spoofing, a scammer replaces their actual email address with a fake one. The new address looks official and familiar (like a recipient’s bank, a friend, an employer, etc.), somewhere that a recipient would trust.
This spoofed email address is often paired with a compelling subject line and body content. The goal? Often, it is to get the recipient to complete a wire transfer or to enter his or her log-in information somewhere, under the pretense of confirming it and/or their identity. Then, the scammer disappears with the money or uses the information to steal the recipient’s identity.
Website spoofing is a complex and highly sophisticated technique. It involves replicating just about everything from a legitimate website–logos, images, content, etc.–to get users to believe they are actually logging in or otherwise sharing sensitive information on an official site.
Redirecting users to this fake site often involves the use of what’s called DNS spoofing. DNS servers cache the addresses they look up, and a scammer who manages to alter a cached entry can redirect anyone relying on that server to the fake site.
This approach also often needs an introductory scam, such as a spoofed email, to get a person to click on the faux web address to begin with.
Caller ID Spoofing
That number may look familiar, but is it really someone you know? Scammers now have the technology and know-how to manipulate the information being transferred to a person’s caller ID. It could be a number belonging to someone you know, a business, or just some compelling mystery number.
For example, a scammer may call from somewhere across the country from you. However, they spoof the number of someplace local to you so that at least the area code lines up. That much familiarity can be intriguing, and it makes it more tempting to answer.
What do these scammers want? They either want to hook you into giving over money or personal information by impersonating a person of authority. Or they might just want you to say “yes” or “no,” which can be used to get past voice recognition applications.
Text message spoofing is similar to caller ID spoofing. However, in this case, the SMS identity codes that companies often use may not look like a standard phone number. A scammer can easily spoof that code and attach a legitimate company’s name to get you to click on a link. Doing so can give the scammer access to the device that’s being used, as well as all the information available on it.
How to Protect Yourself from Spoofing
When it comes to email spoofing, pay attention to the type of content and decide if it matches up with the sender you know. Much like you would any phishing email, also note the grammar, and hover your cursor over any links to make sure that they’re actually going to real URLs.
For website spoofing, check to see if there’s a padlock icon next to the URL. If there isn’t one, the site has not been verified as secure and could very well be a fake. A padlock on its own does not prove a site is genuine, though, so also make sure the address that’s shown matches the actual URL of the site you meant to visit.
With caller ID spoofing, your best rule of thumb is to just not answer calls from an unknown number. Let it go to voicemail. (If it’s a scammer, they probably won’t leave a message.) Use a reverse phone lookup to research the phone number and find out who the owner actually is. The same search may also be able to tell you if the number is a known spam risk. You can use the same approach with text message spoofing as well.
If you do answer a call from an unknown number, and the caller presents him or herself as a government official, bank representative or someone else of authority, hang up right away and then contact the department or company directly. In these cases, you will more often than not get mailed correspondence long before any verbal requests are made.
With any of these kinds of spoofing, another smart course of defense is to reach out directly to the supposed person or business at the other end. If you find some correspondence suspicious, follow up using alternate means. When you can avoid engaging with a scammer, they have no power over you.