Spoofing and phishing - two terms you've probably heard of, but what do they actually mean, how do they work, and how can you avoid becoming a victim? Let's find out...
What's Spoofing and Phishing?
Spoofing and phishing are two different things. The terms are often used together though to describe the process by which the bad guys try to trick you out of your personal information and your hard-earned cash.
Spoofing is the technique of making something appear to be something it's not - it could be building a fake banking website, or masking a link so that it appears to go to a trusted site. The aim of spoofing is to make you trust something you shouldn't.
Phishing is the process of trying to dupe individuals into disclosing private details. It could be your login credentials, your bank account numbers, your phone passcode, anything that's useful to criminals. Phishing often uses spoofing in order to achieve its goal - to trick you into disclosing sensitive information by making you think you're disclosing it safely to the intended recipient.
The cost of being duped
Bank of America customers are currently being targeted in a phishing scam designed to obtain their account details. Millions of phishing emails have been sent out in the hope of finding people with a Bank of America account, and attempting to trick them into clicking an email link to the spoofed Bank of America website and then entering their account details. Unfortunately, a growing number of people are tricked by these types of phishing scams; scams which are costing the global economy $4 billion each year.
The links above are very basic examples of how spoofing can work. Both of these links look the same, but one goes to the legitimate Bank of America site and the other goes somewhere else - Google in this case, just to make the point. It could have gone to a site which looked exactly like the Bank of America website, and it's easy to understand why some people may fall into the trap of clicking links which look okay.
Protecting yourself against Spoofing and Phishing
What to do:
- Don't trust unsolicited emails asking you for personal information, or requiring you to click website links to verify personal accounts.
- Don't use email links to visit banking websites
- Be aware of website address changes for sites in which you have to enter private information. If in doubt, don't enter your details.
- Check for https and the padlock symbol on banking and other secure websites. If it doesn't have it, don't use it.
- When visiting banking and other secure websites, use the normal process you've used before. If you use my1login you know using the website bookmark you created yourself will always take you to the same place.
- Always report fraudulent or suspicious e-mails to the service they purport to be from, forwarding the website address so it can be checked.
- For websites which use anti-phishing images make sure that image is always the same. If it ever changes, you're not on the legitimate site.
If you're concerned you've been duped into handing over personal details you should contact the relevant company and the police as soon as possible. If you've entered your bank details into a spoofed website, contact your bank using the information on the back of your card. The quicker you make your bank aware, the easier it is for them to reduce the risk of you being affected. If you've entered login credentials into a spoofed website, you should immediately visit the legitimate website and change those details.
Spoofing and phishing are growing problems, with the cost to the economy increasing each year. Knowing what to look out for, and knowing how to reduce your risk of exposure will help ensure you're not one of those affected by the scams.