When cybercriminals disguise themselves: what is spoofing and how to prevent it?
New opportunities for Internet fraud are created with every new day that passes. One of those is spoofing. Cybercriminals operate cunningly, impersonating someone from a bank, insurance company, the tax authorities or, even worse, your own company! So you better find out quickly how this particular type of fraud works and how to prevent it.
Because spoofing comes in many different forms. Receiving unsafe e-mails, ending up on a fake website, answering bogus phone calls... Hackers use various spoofing techniques to trick you.
What does spoofing mean?
Although spoofing comes in many complex forms and involves different techniques, its meaning is fairly easy to understand. Spoofing means that fraudsters use a loophole to assume the identity of someone else.
As a result, you often do not immediately realise that you are dealing with online scams. Because the e-mails you receive really seem to come from the sender you know. Just like the fake websites or bogus phone numbers you see.
Who knows, you might even receive a fake e-mail from your harmless grandmother. Hopefully, you will never have to tell her what spoofing means.
How does spoofing work?
In spoofing, criminals attempt to steal personal data from you. They do this by sending you fake e-mails, for example. Then you are dealing with e-mail spoofing. The e-mail address appears to belong to an existing sender and the e-mails themselves look pretty authentic.
So in spoofing, the scammer assumes a different identity. And this is how criminals hope to steal your data or money, or install dangerous malware on your computer.
What are the different forms of spoofing?
Spoofing unfortunately works in different ways, which makes it hard to prevent or stop spoofing attacks.
Here, we are going to talk about an increasingly common form of fraud. But you should not simply compare it to the phishing e-mails that you regularly receive in your mailbox. In this blog post, you can find out what phishing exactly is.
These are the most common forms of spoofing:
This is e-mail spoofing
Those who fall victim to e-mail spoofing have received a fake e-mail sent from an e-mail address that in reality does not belong to the sender you know at all. It is perfectly possible that you receive e-mails from your own e-mail address, but they might just as well be from the bank where you have been a customer for years or from the Flemish Tax Service.
So the e-mails sent by the scammers on behalf of the 'safe' sender will look totally legitimate, which is why you should protect yourself. Remember that no bank will call to ask you to transfer money to a secure account, for example, allegedly because cybercriminals have used your bank card. And public authorities will never ask you to share personal data in an e-mail.
So, as a recipient, make sure to put out a few feelers and, if in doubt, contact the person who sent the e-mail. Because no matter how well you secure your own e-mail servers, there is always a chance that you will receive e-mails or phone calls from someone in your network who has actually become a victim of a spoofing attack.
Stopping e-mail spoofing or preferably just preventing it?
Combell allows you to enable Sender Policy Framework (SPF).
This is an authentication protocol that will act as a shield against spoofing. It will prevent anyone from sending unsafe e-mails on your behalf or from any existing e-mail address of yours. SPF is also a great way to avoid having to worry about e-mail filters marking your e-mail address as spam.
This is website spoofing
Misfortune never comes alone. And neither does e-mail spoofing. Cybercriminals often go one step further and lead you to a fake website through their unsafe e-mails. This is how you end up dealing with website spoofing.
So this form of spoofing is very difficult to detect, because when you click on a link in a fake e-mail, you end up on a bogus website or web store (including products) that looks exactly like the official website of, say, a well-known insurance company.
Quickly recognize website spoofing
So the spoofers recreate that real website, hoping to gain your trust and get you to enter your personal details (like your PIN, for example).
Would you like to be able to recognise and stop this form of spoofing very quickly? Just check the web link in your address bar. Because while it may look like the official URL, you will notice strange characters here and there or letters that have swapped places.
If you do not trust it, type the URL directly in your address bar and check the IP address. You will easily notice that the official website still looks slightly different than the fake one. This is how you can outsmart scammers.
Make sure your website is properly secured
This way, you will prevent visitors from suspecting your website of spoofing. We at Combell can help you install an SSL certificate. This will give your website a secure HTTPS version and the associated padlock icon next to your web address. Now, that is a secure and reliable website!
This is caller ID spoofing
Who am I talking to? Let us hope it is not a criminal who is trying to scam you with a phone call! This form of spoofing involves scammers using a different phone number, meaning you will see fake information on your caller ID display.
In most cases, these are bogus phone numbers from well-known companies or agencies you trust. But on the other end of the line (i.e. with the fraudster), a whole scenario is ready to scam you via your phone.
During the conversations, the ill-intentioned callers will want you to transfer money, install dangerous software or share confidential data with them. The info they will manage to steal will then be used in other forms of fraud.
Beware of help desk fraud
Helpdesk fraud is also a common variant of caller ID spoofing. It appears as if the caller works as a helpdesk operator for Microsoft, Apple or any other big tech company. How does the scammer proceed? This person will try to convince you to hand over control of your computer – supposedly to help you, but actually to steal money from you or install shady software on your computer.
Even though, as our customer, you can reach Combell's support team day and night, our friendly colleagues from our helpdesk will generally not call you up themselves. Let alone ask you to share your PIN or transfer money. This will never happen!
Remember: a helpdesk operator will never contact you without a very good reason!
What can you do to prevent spoofing?
You can print out this blog post, distribute it within your network and pin it above your desk. To avoid being deceived in the first place, make sure to keep a few simple tips in mind:
- Use a spam filter on your e-mails
- Check whether e-mail addresses and e-mails contain any spelling mistakes or strange symbols
- Check the URL of a website
- Never click on links or URLs that do not look safe
- Use a password management tool
- Change your passwords on a regular basis
How Combell helps you to combat spoofing
Have you already installed an SSL certificate and given serious thought to using that Sender Policy Framework record for free? Create an SPF record yourself via your control panel or ask our support team to do it for you.
If you follow these few simple steps, you will be well on your way to protecting yourself from spoofing. But securing your online business against the many threats of the Internet goes much further than that.
Do not do that on your own, or better yet: do not do it and leave that in the hands of Combell. Because if you choose Combell as your hosting partner, your website will be in the safest hands in Internet land.