April 30, 2020
A common element of most cyber security scams is that they try to trick victims.
Most people would not willingly give up sensitive information (like personal information or credit card information) or agree to have their devices infected with malicious software. Cyber criminals rely on trickery or threats to get victims to provide that information or access.
One of the most common ways of tricking victims? Spoofing.
What is spoofing
Spoofing is a tactic in which a cyber criminal disguises malicious communication or activity as something from a trusted source. Cyber criminals use spoofing to fool victims into giving up sensitive information or money or downloading malware.
Cyber criminals can spoof email addresses or even websites.
For example, a cyber criminal might create a website that looks like a trusted banking institution by using similar colours, logos, and designs. Cyber criminals hope that you fall for their trick so that you enter (and give up) your personal information.
Cyber criminals frequently use spoofing to carry out phishing attacks.
For example, a scammer may send you an email from an address that resembles that of a colleague, friend or trusted company. At first glance, the email may seem real, but the scammer is hoping that you click on a link, open an attachment, or give up personal information.
Other examples of ways that cyber criminals use spoofing include:
- A phone call claiming to be from a legitimate company or government agency
- A text message that looks like it is from a friend or colleague
How to protect yourself against spoofing
Know the signs
Cyber criminals are good at designing messages or websites that look trustworthy. They use the same, or similar, graphics and logos that a trusted company uses. But there are signs that a message or website is spoofed. If you look carefully, you can often notice that something is slightly off. An email address might end with another domain. In other cases, the email address might have one letter missing or added. Check characters carefully. For example, the lowercase letter a could be swapped for the Cyrillic letter а, leading to a spoofed website.
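The three signs described above (another domain, one letter missing or added, a swapped look-alike character) can also be checked automatically. The following is an added example, not part of the original article; the domain names and the `TRUSTED` allow-list are constructed for illustration.

```python
import unicodedata

# Constructed allow-list of domains the reader really deals with (assumption).
TRUSTED = {"example-bank.ca", "canada.ca"}

def scripts(domain):
    """Return the Unicode scripts used by the letters in a domain."""
    found = set()
    for ch in domain:
        if ch.isalpha():
            # Character names start with the script: LATIN, CYRILLIC, GREEK, ...
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(address, trusted=TRUSTED):
    """Classify the domain part of an email address against the allow-list."""
    domain = address.rsplit("@", 1)[-1].strip(" >").lower()
    if domain in trusted:
        return "trusted"
    if scripts(domain) - {"LATIN"}:
        return "suspicious: non-Latin look-alike characters"
    for good in trusted:
        if edit_distance(domain, good) == 1:
            return f"suspicious: one character off from {good}"
    return "unknown: verify through another channel"

if __name__ == "__main__":
    samples = [                                   # constructed sample senders
        "alerts@example-bank.ca",                 # genuine
        "alerts@ex\u0430mple-bank.ca",            # Cyrillic U+0430 in place of "a"
        "alerts@exmple-bank.ca",                  # one letter missing
        "alerts@example-bank.ca.secure-login.net" # ends with another domain
    ]
    for s in samples:
        print(f"{s!r}: {check_sender(s)}")
```

A "trusted" result only means the domain text matches the allow-list; it does not prove the message was really sent from that domain.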
When unsure, verify
If you’re not sure whether you are receiving a legitimate communication, do what you can to verify it. For example, if you get an email claiming to be from your bank, look up the bank’s phone number online and give them a call to verify the message or request.
Use your instinct
Listen to your gut. Most companies put a lot of time and effort into their communications. If something doesn’t quite look right in an email or on a website, it may be spoofed.
Similarly, if you receive a call from someone who claims to be from a government agency, think twice. Before you give up your information, ask yourself if the government would contact you in this way.
In almost all cases, the answer is no. You can always hang up and call back using the contact information from the official website.
We all know, instinctively, that tricking people is wrong. The problem is that knowing when you’re being tricked is sometimes difficult.
By educating yourself on what spoofing is, you can better protect yourself from becoming a victim.
If you are a victim of a spoofed message or website, report it to the Canadian Anti-Fraud Centre and your local police.