What is Spoofing?
Spoofing is the criminal act of disguising a communication from an unknown source to appear as if it’s being sent from a trusted and known contact. The goal of spoofing is to get the target to share their sensitive information and/or their money with the scammer. For example, a spoofer may pretend to represent a victim’s credit card company and lead them into sharing their account details.
Types of Spoofing
Cybercriminals have a variety of ways to pull off their spoofing. Here are the more common forms:
1. Email spoofing is when an attacker sends an email message that appears to be from a known or trusted source. The emails often include links to harmful websites or attachments that will infect the victim’s device.
2. IP spoofing is when an attacker tries to gain access to a system by sending messages via a bogus or spoofed ID address appearing to be from a recognized, trusted source, such as one on the same internal computer network.
3. Caller ID spoofing is when attackers make a phone call to a target that appears to be from a known caller. The scammer will often pose as the victim’s bank or credit union. The victim, believing they are speaking with a representative of their financial institution, will not hesitate to disclose their account information and passwords.
4. Facial spoofing is this most recent form of spoofing. A scammer uses a photo or video of a target’s face to simulate their facial biometrics. This enables them to unlock accounts that can only be opened by facial recognition.
5. Website spoofing is when a scammer creates a bogus site that looks just like a reputable site the victim frequents. Attackers lure victims to this site to steal their login credentials and personal info.
6. Text-message spoofing, also known as smishing, is when a victim gets a text message on their personal device that appears to have been sent from a trusted source, such as the victim’s financial institution, place of work or doctor’s office.
7. Deepfakes and spoofing is a relatively new and dangerous tool for spoofers. A deepfake is a fake image, video or audio clip that has been edited to appear authentic. For example, a scammer may create a deepfake video using an image and audio recording of a celebrity to make it appear as if they are telling you to open a link or support a specific cause.
Protect Yourself
Spoofing is a formidable danger for consumers across the economic spectrum, but with the right tools and knowledge, you can avoid falling victim to these scams. Here’s how to protect yourself from a spoofing attack:
- Turn on your email’s spam filter and mark incoming suspicious emails as spam.
- Use two-factor authentication and/or biometric logins when possible.
- Use strong, unique passwords across all your accounts.
- Make sure your device’s security system is at its strongest setting and uses the most updated patches.
- Never click on links or open attachments from an unverified source.
- Never share personal information online or over the phone with an unknown contact.
If you believe you have been targeted by a spoofing scam, there are steps you can take to mitigate the damage.
First, report the scam to your financial institution if you gave our personal information. Next, alert the FTC at ftc.gov so they can do their part in catching the criminals. Finally, let your local law enforcement agencies know about the scam. More fraud resources can be found by clicking here.
