Post Content

Data Privacy Series: Spoofing

 

What is Spoofing?

Spoofing is a general term for tricking or deceiving. In the context of consumer data privacy, spoofing usually refers to email or caller ID spoofing. Spoofing is closely related to phishing and is sometimes used synonymously.

How Can You Defend Against Email Spoofing?

Email spoofing occurs when a data thief emails the victim asking for personal information such as a username and password or personal information. The email is designed to look official, often using forged headers and a disguised sender’s address. Alternatively, some data thieves use spoofing to disguise emails as from friends, promoting a limited offer requiring personal information and immediate action. Disclosing such information makes you vulnerable to identity theft, risking fraudulent debt and credit disaster. With this in mind, there are several ways you can protect yourself against spoofers.

  • Look for spelling errors. Spoofers often change small details of website and domain names to appear official. For example, a spoofer may use a disguised sending address like “customerservice@wallmart.com” instead of “customerservice@walmart.com” or a disguised website link of “www.paypals.com/signin” instead of “www.paypal.com/signin.”
  • Check that the email is personalized. Spoofers often address emails generally, using greetings such as “Dear customer,” “Dear valued XYZ customer,” or “Dear XYZ user.” Nearly all major businesses have adopted policies requiring the use of personalized information in official emails. For example, an official bank email will usually include your name and the last four digits of your account number. Be cautious if you receive an email addressed generally asking for personal information.
  • Look for threats. Spoofers usually create a sense of urgency with their emails. They may state that an account is overdrawn or indicate impending legal trouble using implicitly threatening language. If you believe the danger could be legitimate, contact the business directly rather than by replying to the threatening email.    
  • Double check email addresses and links. Almost all email programs allow users to check email addresses and links. When you hover your mouse over the text of an email address or link, a pop up should appear indicating the true location of the email or link. If the pop up location does not match the text of the email or link, it may be a spoof email.
  • Trust your spam filters. Spam filters are designed to detect and block emails sent from abnormal or faulty addresses. If you see that an apparently important message has been filtered as spam, check it carefully to ensure it is not a spoof email.
  • If you have any doubts, contact the business directly. If you have any doubts that the email or link is not from the business, contact the business directly using the accurate information you have.

What is Caller ID Spoofing?

Caller ID spoofing occurs when the spoofer disguises their caller ID number as another number (or even your own number) to gain access to personal information. For example, a spoofer may call with their number disguised as that of a bank and ask their victim to verify account information. Many spoofers are currently using this strategy to pose as the Internal Revenue Service threatening legal action, fines, or jail. Other spoofers monopolize on an event, such as scammers pretending to be home improvement contractors that call around asking if people’s roofs were damaged in a recent storm. If this happens, the “contractors” may make a show of assessing damages, then ask for money up front, and disappear. Review information on our website on home improvement for steps on finding a contractor and other important information.

How Can You Defend Against Caller ID Spoofing?

  • Do not give out personal information to someone who has called you. If someone calls asking for important financial or personal information, ask for their contact information and ask to call back.
  • Use an online search engine to reverse-lookup their phone number. Use the information you are given to check online whether the phone number is associated with any known scams.
  • Do not trust caller ID. Unfortunately, caller ID is easily manipulated by spoofers, making it an unreliable source for identifying callers.
  • If you have any doubts, contact the source directly. Just as with email spoofing, if you have any doubts that the call is not from a legitimate source, contact the source directly using the accurate information you have obtained from a neutral source.

Visit the Office of Consumer Affairs and Business Regulation website for more information about Identity Theft and scams. If you have questions, contact the Consumer Information Hotline at 617-973-8787 or email us.

Written By:

Recent Posts

Fraud Alert: Unemployment Benefits & ID Theft posted on Nov 17

Fraud Alert: Unemployment Benefits & ID Theft

Driven by the economic downturn brought on by pandemic related restrictions, unemployment across the U.S. is at a historic high. While national and local averages slowly decline across the country, unemployment fraud is on the rise. For many the unemployment benefit is a lifeline. Unfortunately, for   …Continue Reading Fraud Alert: Unemployment Benefits & ID Theft

Winter is Coming, Are You Ready? posted on Nov 3

Winter is Coming, Are You Ready?

The days are getting shorter, and the nights are getting a lot colder. As New Englanders we are beginning to switch the items in our  wardrobes from light weight tee-shirts to heavy cardigans. This fall your closet should not be the only room in the   …Continue Reading Winter is Coming, Are You Ready?

Halloween During the COVID Era posted on Oct 29

Halloween During the COVID Era

Ordinarily, scary things on Halloween are confined to spooky movies, frightening costumes, and the possibility of tainted goodies, but this year COVID-19 presents additional concerns for trick-or-treaters and those giving out candy. Just as with other activities, precautions can be taken to make Halloween safe   …Continue Reading Halloween During the COVID Era