If you get a phone call, text, or email from a company you trust such as Amazon or Apple requesting personal information, you might think it’s legitimate. But before you do anything, remember that scammers may be using a technique called spoofing.
According to the FBI, spoofing is the practice of disguising a phone number, sender name, email address, or website URL to make you think you’re interacting with a trusted source. These scams, according to the Better Business Bureau PR and Communications Manager – Hawaii, Roseann Freitas, undermine trust in the marketplace. “Scammers want to take advantage of the relationship consumers have with trusted businesses,” Freitas says. “The goal of these con artists is to steal your money and personal information.” This can make it challenging for consumers to trust legitimate businesses.
Here are some different types of spoofing and how to prevent becoming a victim of them.
Caller ID spoofing
With caller ID spoofing, an incoming call is made to look like a trusted or local phone number so you’re more likely to answer and possibly reveal personal information.
These emails look like they're from someone you know or a company you trust. But in actuality, it’s from a scammer trying to get you to disclose personal information, download malicious software (malware), or send them money.
Scammers create fake websites that look like a legitimate business site but are designed to get you to share information like your username and password.
Email and website spoofing scams are often combined. For example, you’ll receive an email that looks like it’s from your bank saying you need to verify your information. You click the link in the email and are taken to what looks like your bank website. Instead, it’s a website the scammers control so they can see what username and password you type in. Then, they’re able to use your information to log in to the real bank website and access to your accounts.
When it comes to protecting yourself against spoofing scams, remember:
- Legitimate companies like your bank or electric company won’t ask for your username or password.
- If you’re on the phone with someone claiming they’re from a trusted company but something about the call seems off, when in doubt, hang up, Freitas recommends. Then, look up the company’s contact information on their official website and call the company to see if their request is real.
- Don’t click on links or open attachments sent via email, social media, or text messages, Freitas says. Not only can the links direct you to spoofed websites, but scammers can also download malware to your phone.
- Always examine the sender’s email address and message carefully. Look for typos, strange wording, and other signs of unprofessionalism.
- Choose a two-factor (or multi-factor) authentication for your accounts and always keep it enabled.
Always be vigilant. If something seems off, listen to your gut. For more information on how to protect yourself or to report a scam, visit the FBI’s Scams and Safety website.