Are You Being ‘Spoofed’? This Specific Type Of Scam Is Hard To Catch.
Scammers succeed by tricking you into giving out personal information – and one of the easiest ways they can get you to do this is by posing as someone you know.
When an unscrupulous person poses as someone you trust or as a legitimate retailer, the scam is called “spoofing.” By spoofing, says Amy Nofziger, Director of Victim Support for AARP’s Fraud Watch Network, scammers prey on “our fear and curiosity that this person is someone we know.”
A common tactic in deceptive scams is to make an email address, text message, website or phone number look like it’s real. But even though it may have a similar or identical display name, domain name, or use the same call-to-action button as a trusted business, politician, or owner, it’s all actually deceptive behavior designed to convince you to download malware or compromise your financial information.
Often, deception can only be detected through small details. Here are some of the most common forms of deception and what to look for:
Telephone fraud
Phone spoofing can be difficult to detect because some apps can replicate caller ID in order to show the display name of someone you know as well as your familiar local area code.
And don’t believe what you hear. During a 2023 episode of 60 Minutes, an ethical hacker used an app to create an AI-generated recording that mimicked the voice of one of the show’s reporters. Through this eerie similarity, the hacker managed to get a colleague to share the journalist’s passport number over the phone.
In this case, “the best thing you can do is say ‘I’ll call you right back,’ even if it’s just for a minute,” said Cliff Steinhauer, director of information security and engagement at the National Cyber Security Alliance.
In the example of the fooled coworker in 60 Minutes, “If [the coworker] hangs up and calls her boss back, she’ll get her boss, not the attacker.” To help prevent this kind of spoofing, Steinhauer suggests setting up a code word that you can request as a verification test.
Overall, the biggest tell-tale sign that a caller is a scammer is not how believable they look or sound, but what they tell you to do. It’s normal to receive random calls that tell you some information (such as that a prescription is available at the pharmacy). But if the caller urgently needs sensitive information from you to continue the call, you should be vigilant.
“If they say, ‘Your child has been injured and you need to send us insurance money immediately with a prepaid gift card or cryptocurrency,’ then they’re asking you for something, and that’s the biggest red flag,” Nofziger said.
Email spoofing
At first glance, spoofed emails may look reliable. Scammers often use sender addresses that look like they are from well-known companies or authority figures.
Sometimes a small spelling mistake can be the biggest clue that something is going wrong, so beware of misspelled or grammatically unusual emails. Steinhauer shares an example of an email attacker using the domain name of an actual vendor with the same name and signature, but “the only difference was the spelling of the company name.”
The tricky bit in these cases is that the email may have no obvious spelling mistakes at all and may contain addresses, logos and brands that you are familiar with.
So if an email is supposed to be internal, but you get an alert that suggests it appears to be coming from an external sender, beware. “Mail being marked as spam or being flagged as spam – that could indicate that someone has corrupted the mail service’s DNS and they’re somehow spoofing it to send email from another domain,” Steinhauer says.
URL Spoofing
Sometimes the wording of an email or text may be correct, but the attachment or hyperlink you are asked to click on is suspicious.
Often, scammers will create URLs that appear legitimate, but a closer look at the punctuation or wording reveals that they are not. For example, drive-google.com is an insecure spoofed domain name, while drive.google.com is not.
Typically, when you’re using a computer, you can hover over a link with your mouse and see the URL you’re about to visit. But if the link in an e-mail or on a Web site is shortened through a service such as Bitly, you can’t see where the link is going to go, Steinhauer says: “It can obscure the actual destination of the link.” In this case, it is best to avoid clicking.
Steinhauer gives the example of a politician sending a random text message asking you to donate to their campaign via a link. Instead of clicking on the shortened, suspicious URL, he suggests visiting that candidate’s website directly.
If you receive an unsolicited e-mail from a business you do business with, such as an airline, “go directly to the website you want to visit,” advises Nofziger, rather than clicking on a link in the e-mail.
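The dot-versus-hyphen difference between drive.google.com and drive-google.com can be checked mechanically. The following is an added example, not part of the original article; the trusted-domain list, the shortener list and the similarity threshold are assumptions chosen for illustration, and it also flags the misspelled-domain case described in the email section.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumed for illustration: your own allowlist and shortener list will differ.
TRUSTED_DOMAINS = {"google.com"}
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}


def classify_link(url: str) -> str:
    """Return 'trusted', 'shortened', 'lookalike', 'unknown' or 'invalid'."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return "invalid"
    # "https://drive.google.com@example.net/" really goes to example.net.
    if "@" in parts.netloc:
        return "lookalike"
    if host in SHORTENERS:
        return "shortened"  # destination is hidden; go to the site directly
    for trusted in TRUSTED_DOMAINS:
        # Only the exact domain or a true subdomain (dot boundary) is trusted.
        if host == trusted or host.endswith("." + trusted):
            return "trusted"
    # Simplification: treat the last two labels as the registered domain.
    registered = ".".join(host.split(".")[-2:])
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        # Brand used as a separate word inside another domain: drive-google.com
        if brand in re.split(r"[.-]", host):
            return "lookalike"
        # Near-miss spelling of the trusted domain (assumed threshold 0.85).
        if SequenceMatcher(None, registered, trusted).ratio() >= 0.85:
            return "lookalike"
    return "unknown"
```

A "lookalike" or "shortened" result is a reason to type the known address yourself rather than follow the link.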
What to do if you’ve been scammed
If you end up clicking on that fraudulent link or replying to someone you believe to be a real authority figure, then your next move depends on where it happened and what you end up sharing.
Reporting.
If you encounter this at work, you should immediately inform the IT department that you have been scammed.
If you realize you’ve clicked on a link, stop there, close it, and then send a ticket to your helpdesk.
If it involves your finances, report what is happening to your bank or credit card company, as they can temporarily freeze your account. You can also report fraud to the Federal Trade Commission (FTC).
Reset your password and update your computer.
If you think you may have shared too much information with potential scammers, then you need to beef up your online security.
For good network security, you should continue to install the latest patches and updates on your computer network, enable multi-factor authentication and reset your password if you have not already done so.
If you think you’ve entered your password on a fake site, the first thing you should do is reset it, because attackers will try to reset your password before you can.
Train yourself to better recognize deceptive behavior.
To better distinguish between fake URLs or domains, try Google’s quiz, suggests Steinhauer, which can help you understand how a misspelling or an unusually worded email address can make you aware of a larger scam in the making.
If in doubt about a caller, send it to voicemail. Do not answer the phone unless you know exactly who is calling.
If you do answer, then please remain silent when you begin to receive detailed requests for information.
The FCC warns on its Web site about phone scams: “Never give out personal information, such as account numbers, Social Security numbers, your mother’s maiden name, passwords, or other identifying information when you receive an unexpected call or if there is anything suspicious.”
Avoiding identity fraud means treating every email or phone call with care. Seeking additional verification when you’re in doubt can be annoying, but dealing with the consequences of stolen identity is even worse.