What is spoofing and how can you prevent it?

  • By Jane Hawkes
  • Last updated on: February 23, 2022

Spoofing is the act of masking a communication from an unknown source as being from a known trusted source. Spoofing can be attempted via emails, phone calls, websites, texts, GPS, IP addresses and servers.

The aim of spoofing is to try to gain access to personal information, bypass network controls and/or infect devices with malware through links or attachments. Scammers use spoofing to try to steal a target’s assets or identity and it can be used to carry out phishing attacks, which aim to obtain sensitive personal information from individuals or organisations.

A successful spoofing attack on an organisation can result in infected computer systems and networks, data breaches and/or loss of revenue. This is likely to impact heavily on the reputation of the company in question.

Spoofing is the act of masking a communication from an unknown source as being from a known trusted source. Spoofing can be attempted via emails, phone calls, websites, texts, GPS, IP addresses and servers.

The aim of spoofing is to try to gain access to personal information, bypass network controls and/or infect devices with malware through links or attachments. Scammers use spoofing to try to steal a target’s assets or identity and it can be used to carry out phishing attacks, which aim to obtain sensitive personal information from individuals or organisations. A successful spoofing attack on an organisation can result in infected computer systems and networks, data breaches and/or loss of revenue. This is likely to impact heavily on the reputation of the company in question.

Table of Contents

How to prevent spoofing?

Although it can happen to even the most tech savvy people, you can protect yourself to avoid becomming a victim of spoofing, here are 9 tips to keep in mind:

1. Be vigilant

The best way to prevent against spoofing is to be vigilant for any signs of a spoof, suspicious of any unfamiliar communication and trust your instinct. If something does not feel or look right then it probably isn’t.

2. Be suspicious of text messages from unknown numbers

If you receive a text message from an unknown number claiming to be sent from a particular organisation, check spelling of company name, do not try to ring the number and do not click on any links. Contact the organisation directly to clarify situation.

3. Look for spelling and grammatical errors

There are often basic errors of spelling and grammar in phishing scam emails. These could be in URLS, addressees or the text itself. Check that names of organisations are accurate.

4. Check if email addresses correspond to company information

If you click on the sender’s name then there will be an email address, which may have no connection at all to the legitimate organisation it claims to pertain to.

5. Check if email is addressed to the recipient

If there is an issue with your account or something connected to you then the email should have your name specifically as the recipient.

6. Watch out for misleading web address links

If there is a link in the email then do not click on it. Go to the organisation’s website directly instead to see if there are any messages for you or contact the company by telephone. To check authenticity, you can hover your cursor over the link in the email to reveal the real website address.

7. Be wary of communication from unknown companies and services

Unless you have signed up to any mailing lists, then emails you receive should be from known companies and services. In the same vein, any telephone calls you receive from companies whose services you do not use of for which you do not have an account should be treated with suspicion.

8. Do not open any attachments from unknown sources

If the email appears suspicious and you are not familiar with the sender, never open any attachments.

9. Check the security of the URL

If a website is secure then the URL of the website should states ‘https’ at the start of the address. The SSL certificate attached to the website is used to secure data that is passed to the website’s server from the browser. A padlock sign to the left of the address means the website in question is secure. 

Action you can take if you have been spoofed

There are a number of steps you can take to significantly improve the security of your online accounts. We also recommend these steps to prevent you from being spoofed at all.

Report the suspect spoof to the organisation and the authorities

If you suspect an email or text to be a scam then report it to the organisation in question and send screenshot of text or forward text or email to the relevant phishing department. Contact details can usually be located easily on the company’s website. Report any criminal case where money has been stolen to the police. Spoofs can also be reported to Action Fraud in the UK or you can file a complaint at the FCC’s Consumer Complaint Center (USA).

Change your password

If you suspect something a text or an email you have received is a scam, then it is wise to change your password for that organisation and do the same for any other accounts where you use the same password.  Ensure the password is a strong one with a combination of digits, letters and special characters with no obvious pattern.

Set up two – factor authentication

Two -factor authentication adds another layer of protection to your passwords or codes so is well worth considering if supported by the app or website you wish to use.

Consider the use of a password manager

If the password manager software does not automatically fill out your password and username then it could be a sign that the website is spoofed. Auto-fill software does not work on spoofing sites.

Ensure antivirus software is up to date

Investing in (and installing) effective antivirus software is the best way to protect and defend your devices against malicious viruses or threats from online scammers. Ensure it is kept up to date.

Jane Hawkes

Jane Hawkes

Queen of Customer Service and Consumer Champion specialising in travel showcasing the best companies and challenging the worst!

More about this author
Have you been spoofed?

File your complaint on Complain.biz. We will give your complaint the attention it deserves.

File complaint
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Related articles

  • How to get a refund for a cancelled event?

    It is of course very disappointing if an event where you've been looking forward to is cancelled. Fortunately, in most cases you can get your money back. We give advice on how to get this done. Read more

  • chinese company complaint

    How to complain against a Chinese Company?

    Making an effective complaint can be tricky at the best of times but the process becomes even more problematic when the company is based in China. Here’s all you need to know in order to complain against a Chinese company - and get results! Read more

  • How to make a successful claim in the small claims court?

    If you’ve reached the end of the road with a company that just won’t listen then you may need to consider legal action through the small claims court to get money back or compensation. Small claims court claims are generally simple cases, which do not involve large amounts of money or complicated issue. Read more