Spoofing is a general term for tricking or deceiving. In the context of consumer data privacy, spoofing usually refers to email or caller ID spoofing. Spoofing is closely related to phishing or scamming and is sometimes used synonymously.
Email spoofing occurs when a scammer sends an email that appears to be from a legitimate email account, but the email address is actually forged. The scammer impersonates another by assuming the other’s email address. Scams that closely resemble this include situations where a scammer closely mimics the email address of a government agency or a legitimate and usually well-known business, or where a scammer hacks an actual legitimate email account and sends out spam email from that real email address. Usually, the scammer emails the victim asking for personal information such as a username and password. Disclosing such information makes you vulnerable to identity theft, risking fraudulent debt and credit disaster.
There are several ways you can protect yourself against scammers using email spoofing.
- Look for spelling errors. Spoofers often change small details of website and domain names to appear official. For example, a spoofer may use a disguised sending address like “firstname.lastname@example.org” instead of “email@example.com” or a disguised website link of “www.paypals.com/signin” instead of “www.paypal.com/signin.”
- Check that the email is personalized. Spoofers often address emails generally, using greetings such as “Dear customer,” “Dear valued XYZ customer,” or “Dear XYZ user.” Nearly all major businesses have adopted policies requiring the use of personalized information in official emails. For example, an official bank email will usually include your name and the last four digits of your account number. Be cautious if you receive an email addressed generally asking for personal information.
- Look for threats. Spoofers usually create a sense of urgency with their emails. They may state that an account is overdrawn or indicate impending legal trouble using implicitly threatening language. If you believe the danger could be legitimate, contact the business directly rather than by replying to the threatening email.
- Double-check email addresses and links. Almost all email programs allow users to check email addresses and links. When you hover your cursor over the text of an email address or link, a pop-up should appear indicating the true location of the email or link. If the pop-up location does not match the text of the email or link, it may be a spoof email.
- Trust your spam filters. Spam filters are designed to detect and block emails sent from abnormal or faulty addresses. If you see that an apparently important message has been filtered as spam, check it carefully to ensure it is not from a spoof email address.
- If you have any doubts, contact the business or other email sender directly. If you have any doubts that the email or link is from the business or other entity that apparently sent the email, contact that entity directly using information you obtain from somewhere other than the potentially spoofed email.
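The address and link checks in the list above can be automated for an HTML message body. The sketch below is an added example, not part of the original page: it flags links whose visible text names a different host than the link target, and targets one character away from a trusted domain. `TRUSTED`, `audit` and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"paypal.com"}  # assumption: domains the reader really does business with

def host_of(text):  # host named by a URL-like string, minus "www.", else None
    text = text.strip().rstrip(".,")
    if "." not in text or " " in text:
        return None
    host = urlparse(text if "//" in text else "//" + text).hostname
    return host.removeprefix("www.") if host else None

def one_edit_apart(a, b):  # True if one insert, delete or substitution separates a and b
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    a, b = sorted((a, b), key=len)  # a is now the shorter (or same-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the differing character: in both strings (substitution) or only in b (insertion).
    return a[i + (len(a) == len(b)):] == b[i + 1:]

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:  # collect only the text shown inside a link
            self.text += data
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        target, shown = host_of(self.href), host_of(self.text)
        if shown and target and shown != target:
            self.findings.append(("text-mismatch", shown, target))
        for good in TRUSTED:
            if target and one_edit_apart(target, good):
                self.findings.append(("lookalike", target, good))
        self.href = None

def audit(html_body):
    parser = LinkAudit()
    parser.feed(html_body)
    return parser.findings

# Constructed sample: the first link shows one address but points to another.
SAMPLE = ('<p>Dear customer, <a href="http://www.paypals.com/signin">www.paypal.com/signin</a>'
          ' or <a href="https://www.paypal.com/help">Help</a></p>')
```

Calling `audit(SAMPLE)` reports both problems for the first link and nothing for the second, whose target is the trusted domain itself.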
Caller ID Spoofing
Some identity thieves disguise the number from which they are calling so it will appear as a different number on caller ID. This is often accomplished by using software that will mask the real number and show a dummy number. Usually, they want your money or to gain access to your personal information to commit identity theft.
Scammers want you to believe they are calling from a legitimate source and want to hide the actual number from which they call so it is harder to trace. Many scammers use numbers in certain area codes, such as Washington D.C. or even your own area code, to make the call seem more legitimate. There are scammers that also trick your phone technology into thinking it is calling itself (so your own number will pop up on caller ID) to mask the real number.
How can you defend against caller ID spoofing?
- Do not give out personal information to someone who has called you. If someone calls asking for important financial or personal information, ask for their contact information and ask to call back.
- Use an online search engine to reverse-lookup their phone number. Use the information you are given to check online whether the phone number is associated with any known scams.
- Do not trust caller ID. Unfortunately, caller ID is easily manipulated by spoofers, making it an unreliable source for identifying callers. If you have any doubts regarding the identity of a caller, hang up and call the business directly using official contact information.
- If you have any doubts, contact the source directly. Just as with email spoofing, if you have any doubts that the call is from a legitimate source, contact the source directly using the accurate information you have obtained from a neutral source.
ePrivacy: Protect your privacy online
Shopping, social networking, and browsing are popular activities on the Internet. However, this convenience comes with considerable risk to your security and privacy.
To protect your privacy online:
- Install anti-virus software, anti-spyware software, and a firewall, and make sure they are up to date.
- Configure your browser or operating system to manage pop-ups and cookies or to block specific websites.
- Back up important files.
- Change your passwords regularly and use hard-to-guess passwords. Do not give your password to anyone.
- Clear your browsing history and sign out of accounts after using a public computer.
- Opt out of third party information sharing.
- Look for and read website privacy policies to learn how your information will be used and protected.
- Never share your social security number on public websites.
- Teach your children to be privacy savvy: talk to them about getting your permission before giving out information online.
- Do not access private accounts (such as bank or credit card) on a public computer or public Wi-Fi.
- Do not open email from an unknown or suspicious source, and never click on links asking for personal information.
- Only open attachments if you are expecting them and know what they contain.
Documents such as pay stubs, credit card statements, insurance information, retirement plan statements, and tax returns contain sensitive information that identity thieves could use to scam you. Sometimes, just disposing of these documents is not enough. Fraudsters may dumpster dive in hopes of finding your bank account number or social security number.
To protect against this, shred your documents and unwanted mail on a regular basis. Whether you buy a personal shredder for your home or find a business that provides shredding services, this is a simple step you can take to protect your personal information.
Here is a list of the documents you might consider shredding with a suggested timeline for retention:
- Tax returns and supporting documents: keep for 7 years for auditing purposes
- Bank statements: 1 year
- Pay stubs: 1 year
- Medical bills: 1 year, unless you have an unresolved medical dispute
- Credit card bills: immediately after you pay them
- Utility bills: immediately after you pay them
- Sales receipts: immediately, unless you want to keep them for warranty, tax, or insurance purposes
- Auto titles: keep until you sell the car
- Deed to your home: keep until you sell the home
You should keep these documents forever in a safe place:
- Birth or adoption certificates
- Social Security card
- Citizenship papers or passport
- Marriage or divorce decrees
- Death certificates of family members