How to Avoid Common Types of Fraud: Spoofing

Between information stolen from data breaches and personal details we share on social media, fraudsters can be equipped with a lot of information about who we are. However, they may need to gather additional information not readily available in order to access our personal and financial accounts and perpetrate their schemes.

So that we can better protect ourselves, it is important that we understand some of the typical methods fraudsters use to collect this information. This is the first in a series of blog posts on common fraud tactics. In it, we’ll examine a method known as spoofing.

Simply defined, spoofing is when fraudsters change information to make it appear that they are a trusted source. This can include disguising names, email addresses, phone numbers, or websites. Here is what to know about different spoofing methods and how to prevent fraudsters from obtaining your information.

EMAIL SPOOF

Fraudsters often use email as a resource for gathering data from their victims by representing themselves as a legitimate person or company. The purpose of a spoofed email is to have the victim submit their personal information through a link or an online form, or by unwittingly downloading malware.

Defined as software designed to affect the integrity of the computer, malware can be harmful to your computer and provide fraudsters access to personal information stored on your computer, such as passwords and account information. Examples of malware include adware, viruses, worms, Trojan horses, ransomware, spyware, and “scareware.” (If you have ever had a random pop-up telling you to “click here” to remove a virus infecting your phone or computer, you may be a victim of scareware, which frightens and tricks you into downloading malware.)

For example, an email spoof may involve changing one letter in an email address to make it appear legitimate—if the correct email is johndoe@email.com, it may be changed to jondoe@email.com, a slight difference that can be easy to overlook.

How do you avoid becoming a victim of spoofed emails?

• Be diligent in reviewing the emails in your inbox before opening them and clicking on a link.
  • Was it a message you were expecting?
  • Is personal information being requested?
  • Is the email address legitimate? You can typically hover over an email address to identify the sender. Some applications have a drop-down arrow that shows the sender’s information.
  • Do not open an email from a sender you do not recognize.
  • In some cases, you may be able to search the email address on the internet and determine if it is associated with scams.
• Protect your PC by using a reliable security software. Do your homework and research security software providers and determine which may be best for your needs. Examples of these include Norton and McAfee, but other software is available.

SPOOFED PHONE CALLS

While technology allows us to see who’s calling, it also provides fraudsters with the ability to alter the phone number and caller ID. What may appear to be a legitimate call can actually be an altered number transmitted to your caller ID. Fraudsters often use “local numbers” to make it appear the call is from someone you may know.

How can you tell if the person dialing you from what appears to be a familiar number is legitimate? It’s almost impossible to know based on the caller ID alone. However, there are several ways you can protect yourself against spoofed phone calls.

• Hang up the phone if you do not recognize the voice of the individual calling, or do not answer the call at all if you do not recognize the number.
• Never provide personal information over the phone unless you are fully confident about the identity of the caller. It could be a fraudster representing himself as your financial institution and spoofing their name and number!
• If you are uncomfortable answering questions from a caller claiming to represent a company that you are familiar with, hang up and call that company yourself. If the call is legitimate, the company will most likely have notes in their system on why their employee would be calling you.
• If you’re being pressured on the call, it is most likely a scam. In a lot of cases, scammers use a “shock and awe” approach, trying to use human emotions to make us do something we know we should not. Examples of this are:
  • The grandparent scam is when a “grandchild” calls requesting money for an “emergency” situation such as bailing them out of jail.
  • A Social Security scam, where fraudsters pose as a government agency threatening to “cut off” your benefits and requesting your personal information and/or money to protect you from losing those benefits.
  • The utility scam, where your “utility company” calls, threatening to turn off your power unless you immediately provide your banking information.

• Phone companies may have the option of blocking numbers if they have been previously identified as fraudulent. Ask your service provider if this function is available to you and start blocking the calls.

WEBSITE SPOOFING

Fraudsters can make a website look legitimate by recreating a close resemblance to the actual site, ever so slightly changing the address information to make it difficult to notice. The site itself may contain harmful links, which, when accessed, can allow the fraudster to either capture personal information or download harmful malware on the unsuspecting victim’s computer. For example, vsecu.com could be changed to vescu.com. The individual using the site may not catch the altered URL unless they are paying close attention.

Most legitimate sites, particularly financial institutions, will have a URL that begins with “https.” However, not all such sites are safe.

There is a way to check if a site is safe and secure. DigiCert, a technology company that provides digital certification, validation, and security for websites, explains how you can validate a website and what to look for in various web browsers.

It’s unfortunate that we have to worry about fraudsters in so many areas, especially over the holidays. But with a little preparedness and precaution, we can protect ourselves in email, over the phone, and online.