What Spoofing Means and How to Stay Safe


Spoofing safety tips image with email icons above a phone in a person's hands

Spoofing is when a fraudster disguises an email address, sender name, phone number or website address to fool you into thinking you are communicating with a trusted person or business. This article will help you recognize spoofing when it’s happening and how to protect yourself from fraud.

First, what does spoofing look like? It might come by email, phone call, or on a website. The criminals who commit fraud know that not everyone knows to check the source of communications. They email or call unsuspecting targets about an urgent matter, compelling us to learn more by clicking a link, or giving our confidential information.

As a result, we may download malicious software (malware), send money or disclose passwords or banking details. It’s only when we learn there is money missing from our accounts or our computers are infected with malware that we realize we’ve been scammed.

For example, a local B.C. credit union recently emailed its customers to alert them to a growing spoofing scam where “criminals are replicating [our] real website in hopes of accessing your account.”

Other spoofing schemes include government agencies calling about outstanding taxes. Pop-up windows declare our computers are infected with malware. Emails and text messages from well-known banks, department stores and pharmacies urge us to click the link to claim a prize or approve a transaction we didn’t make. They tug on our vulnerabilities.

But don’t worry! Here are the most common types of spoofing broken down and how to protect yourself against them.

How to Protect Yourself from Spoofing Calls and Emails

Don’t React to Spoofing Calls

Most of us have received calls from the CRA threatening to arrest us if we don’t pay up. That scam is familiar to many Canadians and fraudsters have switched to other schemes. One very common spoofing call is from a supposed Microsoft employee who tells you your computer is infected. They want your computer and email passwords so they can take over your computer to “fix the problem.” Another scam is to pose as a bank employee who is calling to enlist your help to catch a criminal.

Hang up immediately. No reliable company would call you out of the blue or ask for your help. If you are unsure, look up the business’s phone number and call them directly. Do not use the number the caller gave you, as it is likely a fake. If there really is an issue, the business will confirm.

Beware the Spoofing Email

Similar to the spoofing call, a spoofing email comes from someone posing as a reliable company. It can be for a variety of reasons: you have won a trip, you can take a survey to win a prize, your subscription expired, or you can get a discount when shopping. Remember the old adage: if it seems too good to be true, it likely is! Here are a few other telltale signs to alert you to these tricksters.

When you get an email urging you to click a link, check the sender’s email. For example, the sender’s name might be a trusted contact, but when you click it to see the actual email address, it is often an address completely unrelated to the so-called sender. What seems to come from MyFavouriteStore has been sent from a nonsense address like lvi957umpqp@in4scsr.us. Click that link and you will likely be infected with malware or be invited to send money for a bogus scheme.

You may also see that the company logo or other images are blurry or stretched out of shape. There are often spelling mistakes, poor grammar, your name is in lower case, or the email message is vague without much detail. Just delete the email and move on. If you are really concerned, log into your account (don’t click the link in the email) and contact the company directly.

Website spoofing is tricky business

Many of us have done an internet search for a business, clicked on the first link, then arrived at a website that provides the same service but isn’t the business we were looking for. It might be a Google ad, but sometimes it’s criminals are trying to trick us with a spoof website.

Fraudsters are betting that unsuspecting people will sign into their accounts, revealing their passwords and sensitive information. Especially dangerous in the case of our banks, as criminals now have what they need to access bank accounts. Here’s how to protect yourself.

  1. Don’t use a search engine when doing your banking or shopping online. Type the business’s URL directly into the address bar, or have it saved as a favourite or bookmark.
  2. Beware of emails or text messages asking you to login to your account. Often the fraudulent website or email uses the actual name but with an extra letter in the name. They are counting on you to not notice. Instead of the link, go straight to the website yourself.
  3. If the bank or store has their own app, download it and do your transactions directly from there. But not on public wifi! Do this at home or on a trusted network, such as from the home of a family member.
  4. Don’t reuse your password from site to site, and app to app. If one website is breached, the fraudster can now access your entire online presence.  See our blog on passwords (link to blog) for important steps to protect your passwords from fraudsters.
  5. Most banks allow you to set up account alerts. They will notify you of transactions, low balance amounts and when payments are due. You can select which alerts you want so don’t worry about being inundated. It’s a free service offered by your financial institution to protect you.

What If I Mess Up?

Rule number one: do not be embarrassed. These criminals are professionals who put a lot of study into how they can trick people out of their money. If someone does defraud you, make sure you report it. With early reporting, stolen money can often be recovered.

The Canadian Anti-Fraud Centre reported that in 2022, $551 million were lost to fraud in Canada. Unfortunately only 5-10 percent of victims file a fraud report, often because they are too embarrassed or don’t know how. The fact is, if we don’t report fraud, it can’t be investigated.

Fraud and cybercrime can happen to anyone. Contact your local police, your bank (if it’s a bank scam) and file a report with the Canadian Anti-Fraud Centre.

Keep Calm and Carry On

It may seem like a scary world out there but when you know how to spot a scam, you can be perfectly safe online. Learn more about common types of fraud in Canada and access the BC CRN resource page for materials to distribute amongst your CRN partners and clients.

CRNs: Here are two topics or social media posts to get you started:

#Spoofing is when a fraudster disguises an email address, sender name, phone number or web address to fool you into thinking they’re a trusted person or business. Contact the company directly to ensure it’s authentic. #FraudPreventionMonth #fraud

Don’t be embarrassed! #Fraud and cybercrime is committed by professionals who know how to fool people. Contact your local police, your bank (if it’s a bank scam) and file a report with the Canadian Anti-Fraud Centre.  #FraudPreventionMonth

 

 

© BC CRNs. All rights reserved. • Registered Charity#: 89342 3400 RR0001 • We acknowledge the financial support of the Province of British Columbia • Privacy Policy