In the FBI’s 2023 Internet Crime Report, email spoofing has cost the world over $18 million and leads all other categories with the most complaints filed.
An average of 3 billion spoofing emails are sent per day. Understanding how to identify and avoid them can prevent you from becoming a victim and keep your accounts secure. Cybercriminals are using the email spoofing tactic to trick users into divulging sensitive information that may lead to financial fraud and potentially identity theft.
What is Spoofing?
Spoofing occurs when bad actors send emails or other correspondence purportedly from legitimate businesses. Spoofing can also refer to hosted websites that mimic official ones but with the malicious intent of collecting your sensitive information. Different types of spoofing may occur separately, but often are used together to further deceive or disguise their intent to unsuspecting victims. Spoofing is often the first step in escalating into larger cyber threats, such as malicious phishing campaigns and ransomware attacks.
Types of Spoofing
Some of the most common types of spoofing are listed below:
- Email Spoofing: Spoofers will send emails that appear to be from legitimate sources, such as large reputable companies, friends or family. In reality, the emails contain malicious links or files. Due to the false sense of security created by the appearance of legitimacy, individuals may be more susceptible to clicking on these links than those in “normal” spam emails.
- Website Spoofing: Website spoofing also aims to convince users the website they are interacting with is legitimate. Since these fake websites are created to perfectly replicate the authentic versions, it is easy for users to miss key signs that could tip them off and protect them from interacting with malicious links. Examples include typo-squatting, domain impersonation or website redirection.
- SMS/Caller ID Spoofing: This type of spoofing involves threat actors changing the appearance of their phone number to a legitimate contact on your device to disguise their malicious intent. SMS text messages can be used by legitimate companies for marketing purposes, but bad actors can also use this tactic (SMS spoofing) to imitate communications from the same businesses, friends and family. Similarly, Caller ID spoofing happens when bad actors appear to be calling from a reputable company or acquaintance. Bad actors will use these methods to collect personal information or to commit financial and identity crimes.
How to Identify Spoofing
Understanding a spoofer’s tactics can help you avoid falling victim to one. Please see the following signs below to help you identify a potential spoofing attack:
- A spoofer’s messages or emails may reflect urgency that a legitimate sender’s emails would not.
- Spoofers may ask for personal information through emails or other channels.
- Spoofers may have poor spelling or grammar.
- Spoofers sometimes make suspicious requests, such as asking you to reset your password through at text.
How to Avoid Spoofing
Avoiding spoofing requires attention to detail and skepticism. Below are some quick tips to protect you and your accounts:
- Verify communications are legitimate: Directly contact individuals you have a personal relationship or interaction with and verify communications were legitimate. Use the LPL Report Phishing button or contact us if you receive a suspicious email, text or other communications.
- Block unknown numbers: If you receive calls or texts from unknown numbers, you can block them to avoid further contact.
- Don’t respond instantly: If you get a text requesting urgent action, take a minute to confirm that the sender is legitimate before replying.
- Do not respond to questions from unknown calls: When receiving unknown calls, do not respond to questions, especially if they are yes or no questions.
- Never reset your password if you did not initiate it: Do not respond to random SMS requests to reset your password, even if says it is from a trusted source.
Spoofing has been happening since the 1970’s and will continue to be a threat. There is a good chance that you have already experienced spoofing. Therefore, it is in your best interest to not only understand the dangers associated with falling victim to spoofing, but also red flags and tactics spoofers use to bait their victims.
This material is for general information only and is not intended to provide specific advice or recommendations for any individual. This material was prepared by LPL Financial, LLC
Tracking #572975