What is Spoofing?

Spoofing is a cybercriminal's malicious misrepresentation of a phone number, website, or email. By masking their true identity, a cybercriminal is more likely to pull off their scam.

Most of us may already know the term spoofing, as it is commonly used in the real-world to describe an alternate variation of something. Spoofing, from a cybercrime standpoint refers to the cybercriminals action to disguise a phone call, website, or email for malicious purposes. By falsifying their true appearance, a cybercriminal will have a higher success rate for their scam and the more convincing they can make it, the better luck they will have.

Spoofing can fall into many categories, but some of the more common examples include email spoofing, website spoofing and caller ID spoofing.

Let’s look at some of these examples and how we can protect ourselves.

Perhaps the most common example of spoofing is with emails. Scammers will try to spoof a sender’s email address to make it look like the email is coming from a legitimate source but in reality, the sender’s email address is slightly misspelled. Scammers are hoping you overlook the slight discrepancy and take their bait. This fake sender could be posing as a well-known company, a coworker or even a friend or family member. To best protect yourself, carefully analyze the sender’s email address before taking any requested action and watch for minor discrepancies.

Website spoofing is the process of designing a website to look exactly like a trusted page with the intent to get you to provide login credentials or some personal information. Setting up one of these fake pages can take a bit more time but with the right amount of detail, can be nearly identical to the one they are mirroring. A spoofed website link would be typically be delivered in a phishing email. If clicked, the web address that you land on may seem valid, but similar to spoofing, may be off by a letter or two. Be watchful for any discrepancies in the URL or on the page itself like misspellings or if they are requesting too much information. Trust your instincts if something seems odd.

person wearing mask on cell phone call

Possibly the most annoying example of spoofing is caller ID spoofing. This is when a scammer manipulates their calling number to appear to be coming from a more trustworthy source. The technology to do this can be easily purchased and is not illegal unless you are using it maliciously. By seeing a more recognizable phone number, perhaps from a reputable business, you will be more inclined to answer.

Another form of this is neighbor spoofing. The term may be unfamiliar, but this is when a scammer manipulates their number to match the first few digits on your phone number. Since the call looks like it is coming from someone local in your area, you may let your guard down and answer. The best advice is to avoid answering these unknown and unanticipated phone calls. If it’s important, they will leave a message. If you do answer, don’t give out any personal information and if you are uncomfortable, just hang up.

Want more cybersecurity tips to help keep your business safe & secure? Sign up for our email newsletter and have new articles & tips delivered straight to your inbox monthly.

Posted in

Tracy Hardin

Tracy Hardin is President and founder of Next Century Technologies in Lexington, KY. She has a bachelor's degree in computer science from the University of Kentucky and has earned certifications from Novell, Cisco and CompTIA. Her specialties in the field of IT are network design and security, project management and improving productivity through technology. She loves helping people by sharing her knowledge of tech.