Spoofing

Good morning to our wonderful members! Yes, it's still Thursday, but I wanted to ensure this went out before the start of Black Friday. Please enjoy this installment of Fraud Fridays alongside your Food Coma!

First, before we get into our core content, a short PSA. I hope everyone will remain safe during their Black Friday shopping sprees! Please keep in mind that Black Friday is a chaotic time and injury is commonplace. Keep an eye out for one another during these times of chaos. Shopping and prepping for the holidays should always be fun, but more importantly, safe for all involved. That having been said, below will be a list of tips to get through a crowd surge. Please make an effort to keep yourselves, and others, safe this holiday season.

Thank you for reading and onto our core content.

Now, in the holiday spirit, I've added a small mini game to our Fraud Friday. How many misspelt company names will you notice throughout this post?

Tonight, we will be discussing Spoofing! This will be a marginally long Fraud Friday as there are many forms of this con. Starting off, if there is a form of electronic communication, spoofers are trying to scam their way into it.

The types of Spoofing: This is not an exhaustive list of spoofing types, but rather the most common forms. These include Caller ID, E-mail, Short Message Service (SMS/Texting), and URL spoofing. Again, these are not all the forms of spoofing, just what is most common. If interest is shown, in the comment section below, I will cover other forms of spoofing in detail on a later Fraud Friday.

What is Spoofing? Spoofing is a common scam wherein the scammer will disguise an email address, display name, phone number, text message, or website URL, to convince the mark that they are interacting with a known, trusted source. Spoofing will often change only a singular letter to look as close to the proper name (e.g., Bank of Arnerica looks like Bank of America, Netffix rather than Netflix).

Spoofing is largely the same con run through multiple channels. Today, we will cover email spoofing and URL spoofing. This is the most rampant form of spoofing at the time of writing. A new email claiming to be from Arnazon arrives saying that there is an issue with your "recent purchase." The e-mail sometimes contains your name and maybe an item you may or may not recognize. Alongside the message "Your recent Amazom order has been cancelled due to fraudulent activity detected by our automatic system. Your account has been suspended on a temporary basis. "You're requested to activate your account by verifying your email address." Below this, you see a link or a button "VERIFY YOUR ACCOUNT." DO NOT PRESS THE BUTTON! Leave your email. Manually go to the Amazon app or to amazon.com. If your order is having issues, you will be able to see it in the official app or on the official website. Manually going to the site allows you to be sure that you are on the correct website.

Next, we will be discussing URL scams. As you are browsing facelook today, look at the font on your screen. Some letters may look like one another. We glossed over this method briefly in the second paragraph, but with letters that often look similar, a fraudster can trick you into going to their website rather than the website of reputable companies. These websites will rely on anything from an accidental keystroke to spoofing messages to put these sites before you. When you arrive to the site, you are generally met with a landing page similar to the legitimate website. This is to trick you into thinking that you have arrived at the right page. When you log into this fake page, your login information is forwarded directly to the scammer who will then take measures to lock you out of your account. So, the next time you're headed to Redbit, Twitler, Amizon, or Eaby, read your address bar to ensure that you are on the correct website.

Below are several ways to avoid Spoofing scams, courtesy of Investopedia.

There are several ways to protect yourself from would-be spoofing scammers:

Turn on your email’s spam filter. This will prevent many spoofed emails from ever landing in your inbox.

Don’t click on links or open attachments in emails from unknown senders. If there’s a chance that the email is legitimate, reach out directly to the sender to confirm that it’s real.

If you get a suspicious email or text asking you to log into your account for some reason, don’t click on the provided link. Instead, open a new tab or window (or the dedicated app on your phone) and log in directly to your account.

Display file extensions in Windows. Windows does not display file extensions by default, but you can change the setting. To do so, click the “View” tab in File Explorer and check the box to show file extensions. While this doesn’t prevent scammers from spoofing file extensions, you’ll be able to view any spoofed extensions and avoid opening any malicious files.

Invest in reputable cybersecurity software. Good software will alert you about potential threats, stop downloads, and prevent malware from taking over. Keep in mind that the software only works if you keep it updated and use it regularly.

If you get an inquiry seeking personal information, don’t provide it. Hang up (or log off) and then look up the phone number or customer service email address from the entity purportedly contacting you for your personal information.