Spoofing

Spoofing is a type of scam where an intruder attempts to gain unauthorized access to a user's system or information by pretending to be the user. The main purpose is to trick the user into releasing sensitive information in order to gain access to one's bank account, computer system or to steal personal information, such as passwords.

There are several kinds of spoofing, including email, caller ID, and uniform resource locator (URL) and GPS spoof attacks.

Email spoofing (or phishing), used by dishonest advertisers and outright thieves, occurs when email is sent with falsified “From:” entry to try and trick victims that the message is from a friend, their bank, or some other legitimate source. Any email that claims it requires your password or any personal information could be a trick.

In a caller ID attack, the spoofer will falsify the phone number from which they are calling.

URL spoofing is when scammers set up a fraudulent website to obtain information from victims or to install viruses on their computers. For instance, targets might be directed to a site that looks like it’s from their credit card company and be asked to log in. If one falls for it and actually logs in, the scammer could then log onto the real site and commit mishap by using the account information the victim used to log in. (For more, see: 6 Ways To Protect Yourself From Cybercrime)

A GPS spoofing attack attempts to deceive a GPS receiver by broadcasting incorrect GPS signals, structured to resemble a set of normal GPS signals, or by rebroadcasting genuine signals captured elsewhere or at a different time. Spoofed signals may be modified in such a way as to cause the receiver to wrongly estimate its position or to be located where it is but at a different time, as determined by the attacker. One common form of a GPS spoofing attack, commonly termed a carry-off attack, begins by broadcasting signals synchronized with the genuine signals observed by the target receiver. The power of the counterfeit signals is then gradually increased and drawn away from the genuine signals.

Be extremely cautious whenever you receive a message asking for personal information and only download files from trusted sources. Install firewalls to block suspicious inquiries and keep antivirus software installed and up-to-date on any computer you use. If you get an inquiry seeking personal information, don’t provide it. Hang up (or log off) and then independently look up the phone number or customer service email address from the entity purportedly contacting you for your personal information. If you think you’ve been spoofed, contact the FCC at 1-888-CALL-FCC or via email at www.fcc.gov/complaints.