Post Content

Data Privacy Series: Spoofing

 

What is Spoofing?

Spoofing is a general term for tricking or deceiving. In the context of consumer data privacy, spoofing usually refers to email or caller ID spoofing. Spoofing is closely related to phishing and is sometimes used synonymously.

How Can You Defend Against Email Spoofing?

Email spoofing occurs when a data thief emails the victim asking for personal information such as a username and password or personal information. The email is designed to look official, often using forged headers and a disguised sender’s address. Alternatively, some data thieves use spoofing to disguise emails as from friends, promoting a limited offer requiring personal information and immediate action. Disclosing such information makes you vulnerable to identity theft, risking fraudulent debt and credit disaster. With this in mind, there are several ways you can protect yourself against spoofers.

  • Look for spelling errors. Spoofers often change small details of website and domain names to appear official. For example, a spoofer may use a disguised sending address like “customerservice@wallmart.com” instead of “customerservice@walmart.com” or a disguised website link of “www.paypals.com/signin” instead of “www.paypal.com/signin.”
  • Check that the email is personalized. Spoofers often address emails generally, using greetings such as “Dear customer,” “Dear valued XYZ customer,” or “Dear XYZ user.” Nearly all major businesses have adopted policies requiring the use of personalized information in official emails. For example, an official bank email will usually include your name and the last four digits of your account number. Be cautious if you receive an email addressed generally asking for personal information.
  • Look for threats. Spoofers usually create a sense of urgency with their emails. They may state that an account is overdrawn or indicate impending legal trouble using implicitly threatening language. If you believe the danger could be legitimate, contact the business directly rather than by replying to the threatening email.    
  • Double check email addresses and links. Almost all email programs allow users to check email addresses and links. When you hover your mouse over the text of an email address or link, a pop up should appear indicating the true location of the email or link. If the pop up location does not match the text of the email or link, it may be a spoof email.
  • Trust your spam filters. Spam filters are designed to detect and block emails sent from abnormal or faulty addresses. If you see that an apparently important message has been filtered as spam, check it carefully to ensure it is not a spoof email.
  • If you have any doubts, contact the business directly. If you have any doubts that the email or link is not from the business, contact the business directly using the accurate information you have.

What is Caller ID Spoofing?

Caller ID spoofing occurs when the spoofer disguises their caller ID number as another number (or even your own number) to gain access to personal information. For example, a spoofer may call with their number disguised as that of a bank and ask their victim to verify account information. Many spoofers are currently using this strategy to pose as the Internal Revenue Service threatening legal action, fines, or jail. Other spoofers monopolize on an event, such as scammers pretending to be home improvement contractors that call around asking if people’s roofs were damaged in a recent storm. If this happens, the “contractors” may make a show of assessing damages, then ask for money up front, and disappear. Review information on our website on home improvement for steps on finding a contractor and other important information.

How Can You Defend Against Caller ID Spoofing?

  • Do not give out personal information to someone who has called you. If someone calls asking for important financial or personal information, ask for their contact information and ask to call back.
  • Use an online search engine to reverse-lookup their phone number. Use the information you are given to check online whether the phone number is associated with any known scams.
  • Do not trust caller ID. Unfortunately, caller ID is easily manipulated by spoofers, making it an unreliable source for identifying callers.
  • If you have any doubts, contact the source directly. Just as with email spoofing, if you have any doubts that the call is not from a legitimate source, contact the source directly using the accurate information you have obtained from a neutral source.

Visit the Office of Consumer Affairs and Business Regulation website for more information about Identity Theft and scams. If you have questions, contact the Consumer Information Hotline at 617-973-8787 or email us.

Written By:

Recent Posts

Home Improvements That You Can Do in the Winter posted on Feb 19

Home Improvements That You Can Do in the Winter

Are you thinking about starting home improvement projects, but would rather wait for the spring or summer months? While hiring contractors and beginning work on such projects seem more like tasks for warmer weather, the winter may be an excellent time to assess the state   …Continue Reading Home Improvements That You Can Do in the Winter

Precautions to Take When You Encounter a Romance Scam posted on Feb 10

Precautions to Take When You Encounter a Romance Scam

Every year on February 14th, Valentine’s Day encourages trading gifts, purchasing roses, and special romantic evenings with your partner. It could be the day your sweetheart looks forward to the most in February. Though it may be the most romantic day of the year, you   …Continue Reading Precautions to Take When You Encounter a Romance Scam

Roslindale Homeowners Receive HIC Guaranty Fund Check posted on Jan 31

Roslindale Homeowners Receive HIC Guaranty Fund Check

On Friday, January 24th, the Undersecretary of the Office of Consumer Affairs and Business Regulation, Edward A. Palleschi, presented two Roslindale homeowners with checks from the Home Improvement Contractor (HIC) Guaranty Fund, a fund that is administered by the Office. The homeowners received checks for   …Continue Reading Roslindale Homeowners Receive HIC Guaranty Fund Check