Written by: Jack Loomis, Cyber Security Specialist
Spoofing is a term that may be familiar, even outside the technological world. It’s used to describe something that’s made to look like another thing. Unfortunately, in the tech world, spoofing usually has a much more negative connotation. Today, we’re going to look at a few different types of spoofing that are out there in the wild and provide some tips on how to handle them.
Email spoofing is something that we’ve talked about before, but it’s always worth mentioning, as techniques are always being refined by attackers to make these spoofed emails harder to notice:
- Pay close attention to the sender’s address of the email. Usually, an attacker will attempt to match a legitimate sender as closely as possible. This is done either by inconspicuously omitting a letter or by making some other small change that they hope you won’t notice. Look for misspelled words, or just generally something that doesn’t look right.
- Watch out for those emails that are prompting you to make a change right away. The sense of urgency created in these emails is usually deliberate, meant to reduce the time the victim has to think about what they’re doing. Something such as “your account will be deleted” or “charges will be applied” is calling on the victim to not think, just act.
Website spoofing is similar to email spoofing, but a little more advanced. In this scenario, an attacker has designed a website to look nearly identical to a legitimate website that the victim may use. This is commonly seen with online banking, or even social media websites.
- As with email spoofing, make sure to carefully check the URL that you are being sent to. Look for minor discrepancies in the spelling of words or replaced characters (like a lowercase l for a capital I, for example).
- Spoofed websites are usually sent to victims through phishing. To help avoid being sent to a spoofed website, it’s always a smart idea to navigate to the website in question on your own, as opposed to using the provided link in the email. This ensures that you’re being sent to the actual website, and not a spoofed one.
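The look-alike check described above for sender addresses and for URLs can be automated against a list of the domains you actually use. This is an added example, not part of the original article; the trusted list, the sample inputs in the usage and the function names are constructed for illustration, and subdomains of a trusted domain are assumed to be trusted.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allow-list: domains this user really deals with (assumption).
TRUSTED = ("example-bank.com", "example.org")

# Look-alike characters folded to one form, so 'l', 'I' and '1' compare equal.
CONFUSABLE = str.maketrans({"1": "l", "i": "l", "0": "o"})

def skeleton(domain):
    return domain.lower().translate(CONFUSABLE).replace("rn", "m")

def within_one_edit(a, b):
    """True if a and b differ by at most one added, dropped or changed character."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] != b[j]:
            edits += 1
            if edits > 1:
                return False
            if len(a) == len(b):
                i += 1          # substitution: advance in both strings
            j += 1              # otherwise skip the extra character in b
        else:
            i += 1
            j += 1
    return True

def extract_host(value):
    """Domain of a From header, or hostname of a URL."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return parseaddr(value)[1].rpartition("@")[2].lower()

def classify(value):
    """Return (verdict, trusted domain that the host matches or imitates)."""
    host = extract_host(value)
    # Compare only as many trailing labels as each trusted domain has.
    tails = {g: ".".join(host.split(".")[-(g.count(".") + 1):]) for g in TRUSTED}
    for good, tail in tails.items():
        if tail == good:
            return "trusted", good
    for good, tail in tails.items():
        if skeleton(tail) == skeleton(good) or within_one_edit(tail, good):
            return "lookalike", good
    return "unknown", None
```

A "lookalike" verdict means the domain is close to, but not the same as, one you trust, which is the case both tips tell you to look for; "unknown" only means the domain resembles nothing on the list.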
Caller ID Spoofing
Caller ID spoofing is an annoyingly growing trend. The difference between this and the other two is that spoofing your phone number is not illegal, unless it’s being used for malicious purposes. This process is used to make the receiver of the call more likely to answer, because it looks like the call is coming from somewhere near them. Also unlike the previous two spoofing examples, there isn’t really anything that can be done about caller ID spoofing. My general rule of thumb when I receive a call from a number I don’t recognize is that I simply ignore it. If it’s important, they will leave a message. If it’s not, it must not have been too important anyway. Usually caller ID spoofing will be used by scammers, but again this may not always be the case. Ignoring the call is the best way to not fall victim to any ensuing potential scams.