One of the types of fraud that financial institutions have been dealing with increasingly is spoofing. What is spoofing? It’s a type of scam where the criminal tries to trick their victim into believing that they are interacting with a source they know and trust. By doing so, they can con their victim into giving away sensitive information that leaves them exposed to further attacks. There are a number of different ways that scammers will attempt spoofing. In this infographic, we will review four types of spoofing: email spoofing, caller ID spoofing, website spoofing, and text message spoofing. Download the full infographic to learn what each type of spoofing is, the dangers of it, and how you can protect yourself.
What it is: An email message sent by a scammer that appears to be from a known and trusted source. Sometimes the name displayed from the email will appear to be from a known source, but when you hover over it, the spam email address appears. Other times, the scammer will make a subtle change to a known email address to make it appear legitimate – like changing an “l” to a “1” or adding a middle initial.
Danger: Will contain malicious links or attachments. Links that are contained in these emails can go to malicious websites that can infect your device or trick you into giving up more information (more on that when we cover website spoofing). Attachments to these emails can install malware on your device, if clicked, causing a series of other issues.
Protect yourself: Never click on links or download email attachments from an unverified source. In fact, it’s better if you never open a spoofed email at all. Check the sender’s email address carefully, be wary of any links or attachments from unknown sources, and consider using an email security service to filter out threats.
What it is: An attacker makes a phone call that appears to be from a known caller. We’ve all received calls from an “unknown number” or one marked “potential spam”, and those are easy to avoid. When the caller ID shows that it’s from a known entity, such as your financial institution, it may not be as obvious that you’re the target of a scam.
Danger: The scammer convinces the victim they represent their financial institution and tricks them into sharing account details. Since the call came from what appears to be their financial institution, the victim is more likely to trust the voice on the other end and divulge the information that they ask for. This gives the criminal access to your financial accounts, and also gives them enough information to cause additional problems.
Protect yourself: If you’re allegedly contacted by your financial institution, and asked to share account details, hang up and contact your bank or credit union directly. Financial institutions will NEVER initiate contact with you and ask for account information. If you are contacted and asked for such information, if you are pressured into acting immediately, or you feel strangely about the call at all, hang up and call your financial institution yourself immediately.
What it is: A scammer creates a bogus site that looks just like a reputable website the victim often visits. Scammers have the ability to make eerily similar copies of websites that most will not notice is a fake until it’s too late. They lead people to these site by posting links online appearing to be from the legitimate site or sending links via email.
Danger: Victims visit the site and unknowingly share their login credentials and/or personal information with scammers. Once the victim has clicked the link and entered the fake site, unless they notice something amiss, they will behave as if it’s the actual site. That means clicking around on different links that potentially have additional dangers behind them, entering personal information, and submitting payment information that they can use to wreak havoc.
Protect yourself: Pay attention to URLs of every site you visit, especially if it’s not from a well-known source. Look out for look-alike URLs of known sites, as well as websites full of typos and spelling errors. Hover over links before clicking on them, as the displayed name can often be different from the actual address you will be brought to.
What it is: A victim receives a text message on their personal device that appears to have been sent by a trusted source. This can be an effective form of spoofing because so many automated text messages from legitimate sources come from shortened 5-digit numbers, and some of them don’t come from the same one every time. If you’re not diligent, it can be easy to fall victim to a text message scam.
Danger: The text will ask the victim to share personal information. Since the message appears to come from a legitimate source, the victim may not think twice about sharing that information. Many of the same dangers apply to text message spoofing that we discussed in caller ID spoofing.
Protect yourself: Never share personal information with an unverified source. Similar to the advice we shared for caller ID spoofing, do not share information with someone saying they are your financial institution if you did not initiate the contact. Once again – financial institutions will NOT initiate contact with you to ask for your personal information. If you are at all suspicious, contact your bank or credit union directly.