Spoofing

Spoofing refers to disguising an email address, contact information, phone number, or website URL to convince the victim they are interacting with a trusted source.

​

Trusted source is a board term, and can refer law enforcement, government agencies, financial institutions, companies you regularly do business with, and even friends and family.

​

Methods for spoofing vary. In some instances, software and special programming is used to hide the scammer’s identity and mask the contact information. It may also involve changing a single letter, number, or symbol in the contact information (e.g. depending on the font, you could interchange a lowercase l, uppercase I, or the number 1). Scammers are hoping you will only glance at or skim the contact information and miss the change.

​

Like most scams we see, the goal is to manipulate the victim into trusting the spoofed communication and lead you to download malware on your device, send money (usually via wire transfer, money order, or gift card) or disclose sensitive personal information.

​

Phishing

Phishing scams work hand-in-hand with spoofing. The specific purpose of phishing is to trick the victim into revealing sensitive personal information.

​

Most often, you will receive a seemingly safe URL link. This link usually looks very legitimate and may even be a clone of the real site. Once you click this link, however, you reach a spoofed site (e.g. a financial institution or credit card site) and you’re asked to enter private information. Phishing can be used to collect passwords, credit and debit card numbers, account numbers, and PINs.

​

Phishing can take place on any device with internet access and come in the form of phone calls, text messages, social media sites, and malware on your device.

​

How to Protect Yourself:

• Be suspicious anytime you are contacted and asked for a username or password. Financial institutions and credit card companies in particular will never contact you and request this information.

• Never give out any personal or payment information to anyone making contact.

• Scrutinize any emails you receive for spelling or grammar issues. Never click on a link or attachment from an unfamiliar or unexpected email.

• If you receive a call, text, or email that you think may be legitimate, take the initiative to contact the sender directly. Do not use any callback number, email, or URL link to verify a source. Instead, locate the confirmed contact information in separate search of your own and discuss the notice you received. Law enforcement and government agencies will be able to tell you definitively if the notice is legitimate.

• Set up two-factor authentication wherever possible and be sure not to disable it.

• Be mindful of the personal information you share online. Even seemingly harmless details like the names of your pets, the schools you’ve attended, or even your birthday can aid scammers in guessing your password or answering your security questions.