What is spoofing and how can you prevent it?

Spoofing is the act of masking a communication from an unknown source as being from a known trusted source. Spoofing can be attempted via emails, phone calls, websites, texts, GPS, IP addresses and servers.

The aim of spoofing is to try to gain access to personal information, bypass network controls and/or infect devices with malware through links or attachments. Scammers use spoofing to try to steal a target’s assets or identity and it can be used to carry out phishing attacks, which aim to obtain sensitive personal information from individuals or organisations.

A successful spoofing attack on an organisation can result in infected computer systems and networks, data breaches and/or loss of revenue. This is likely to impact heavily on the reputation of the company in question.

Spoofing is the act of masking a communication from an unknown source as being from a known trusted source. Spoofing can be attempted via emails, phone calls, websites, texts, GPS, IP addresses and servers.

The aim of spoofing is to try to gain access to personal information, bypass network controls and/or infect devices with malware through links or attachments. Scammers use spoofing to try to steal a target’s assets or identity and it can be used to carry out phishing attacks, which aim to obtain sensitive personal information from individuals or organisations. A successful spoofing attack on an organisation can result in infected computer systems and networks, data breaches and/or loss of revenue. This is likely to impact heavily on the reputation of the company in question.

Table of Contents

How to prevent spoofing?

Although it can happen to even the most tech savvy people, you can protect yourself to avoid becomming a victim of spoofing, here are 9 tips to keep in mind:

1. Be vigilant

The best way to prevent against spoofing is to be vigilant for any signs of a spoof, suspicious of any unfamiliar communication and trust your instinct. If something does not feel or look right then it probably isn’t.

2. Be suspicious of text messages from unknown numbers

If you receive a text message from an unknown number claiming to be sent from a particular organisation, check spelling of company name, do not try to ring the number and do not click on any links. Contact the organisation directly to clarify situation.

3. Look for spelling and grammatical errors

There are often basic errors of spelling and grammar in phishing scam emails. These could be in URLS, addressees or the text itself. Check that names of organisations are accurate.

4. Check if email addresses correspond to company information

If you click on the sender’s name then there will be an email address, which may have no connection at all to the legitimate organisation it claims to pertain to.

5. Check if email is addressed to the recipient

If there is an issue with your account or something connected to you then the email should have your name specifically as the recipient.

6. Watch out for misleading web address links

If there is a link in the email then do not click on it. Go to the organisation’s website directly instead to see if there are any messages for you or contact the company by telephone. To check authenticity, you can hover your cursor over the link in the email to reveal the real website address.

7. Be wary of communication from unknown companies and services

Unless you have signed up to any mailing lists, then emails you receive should be from known companies and services. In the same vein, any telephone calls you receive from companies whose services you do not use of for which you do not have an account should be treated with suspicion.

8. Do not open any attachments from unknown sources

If the email appears suspicious and you are not familiar with the sender, never open any attachments.

9. Check the security of the URL

If a website is secure then the URL of the website should states ‘https’ at the start of the address. The SSL certificate attached to the website is used to secure data that is passed to the website’s server from the browser. A padlock sign to the left of the address means the website in question is secure. 

Action you can take if you have been spoofed

There are a number of steps you can take to significantly improve the security of your online accounts. We also recommend these steps to prevent you from being spoofed at all.

Report the suspect spoof to the organisation and the authorities

If you suspect an email or text to be a scam then report it to the organisation in question and send screenshot of text or forward text or email to the relevant phishing department. Contact details can usually be located easily on the company’s website. Report any criminal case where money has been stolen to the police. Spoofs can also be reported to Action Fraud in the UK or you can file a complaint at the FCC’s Consumer Complaint Center (USA).

Change your password

If you suspect something a text or an email you have received is a scam, then it is wise to change your password for that organisation and do the same for any other accounts where you use the same password.  Ensure the password is a strong one with a combination of digits, letters and special characters with no obvious pattern.

Set up two – factor authentication

Two -factor authentication adds another layer of protection to your passwords or codes so is well worth considering if supported by the app or website you wish to use.

Consider the use of a password manager

If the password manager software does not automatically fill out your password and username then it could be a sign that the website is spoofed. Auto-fill software does not work on spoofing sites.

Ensure antivirus software is up to date

Investing in (and installing) effective antivirus software is the best way to protect and defend your devices against malicious viruses or threats from online scammers. Ensure it is kept up to date.

Lady Janey

Lady Janey

Queen of Customer Service, Travel Expert, Radio Presenter & Author showcasing the best companies and challenging the worst!

More about this author
Have you been spoofed?

File your complaint on Complain.biz. We will give your complaint the attention it deserves.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments