Spoofing: An introduction

April 30, 2020

A common element of most cyber security scams is that they try to trick victims.

Most people would not willingly give up sensitive information (like personal information or credit card information) or agree to have their devices infected with malicious software.

Cyber criminals rely on  trickery or threats to get victims to provide that information or access.

One of the most common ways of tricking victims? Spoofing.

What is spoofing

Spoofing is a tactic in which a cyber criminal disguises malicious communication or activity as something from a trusted source. Cyber criminals use spoofing to fool victims into giving up sensitive information or money or downloading malware.

Cyber criminals can spoof emails addresses or even websites.

For example, a cyber criminal might create a website that looks like a trusted banking institution by using similar colours, logos, and designs. Cyber criminals hope that you fall for their trick so that you enter (and give up) your personal information.

Cyber criminals frequently use spoofing to carry out phishing attacks.

For example, a scammer may send you an email from an address that resembles a colleague, friend or trusted company. At first glance, the email may seem real, but the scammer is hoping that you click on a  link, open an attachment, or give up personal information.

Other examples of ways that cyber criminals use spoofing include:

How to protect yourself against spoofing

Know the signs

Cyber criminals are good at designing messages or websites that look trustworthy. They use  the same, or similar, graphics and logos  that a trusted company uses.
But there are signs of that a message or website is spoofed.

If you look carefully, you can often notice that something is slightly off. An email address might end with another domain.

In other cases, the email address might have one letter missing or added.

When unsure, verify

If you’re not sure whether you are receiving a legitimate communication, do what you can to verify it.

For example, if you get an email claiming to be from your bank, look up the bank’s phone number online and give them a call to verify the message or request.

Use your instinct

Listen to your gut. Most companies put a lot of time and effort into their communications. If something doesn’t quite look right in an email or on a website, it may be spoofed.

Similarly, if you receive a call from someone who claims to be from a government agency, think twice. Before you give up your information, ask yourself if the government would contact you in this way.

In almost all cases, the answer is no. You can always hang up and call back using the contact information from the official website.

Conclusion

We all know, instinctively, that tricking people is wrong. The problem is that knowing when you’re being tricked is sometimes difficult.

By educating yourself on what spoofing is you can better protect yourself  from becoming a victim.

If you are a victim of a spoofed message or website, report it to the Canadian Anti-Fraud Centre and your local police.


Follow Get Cyber Safe on Twitter, Facebook and Instagram.


Comments

By submitting a comment, you agree to have Public Safety Canada collect the comment and publish it on this website (comment policy).



Comments

There are no comments at this time

Date modified: