You would think you could trust your caller ID when you receive a call, but that is not always the case, thanks to spoofing. Spoofing is a scam where fraudsters pretend to be someone you trust in an attempt to gain your personal information. They might pretend to be an organization, business, neighbor, or anyone else with whom you may interact.
Spoofing can take place through email (phishing), text message (smishing), fake URLs, or caller ID. During the month of May, Capital Area District Libraries of Michigan received notification that potential scammers were using their phone number to call people in the community. The spoofers would ask questions seemingly related to the library, and then proceed to ask more personal questions to gather information. Check out these common forms of spoofing so you can avoid becoming a victim.
URL spoofing takes place when fraudsters set up fake websites in an attempt to get their victims to install malware or to steal their victim’s personal information. For example, you might think you are clicking on the website for your credit card company, but instead be led to a spoof site. Once you enter your login information, the scammer has access to that card’s account information. They also may try credential stuffing to see if they can gain access to other accounts you are associated with that use the same login information.
Consider the source of any links, attachments, or pop-ups before opening them. If you receive emails or texts requesting personal information, call the business directly to verify if the request is legitimate. Try bookmarking frequently used websites to minimize the likelihood of clicking on fraudulent look-alike sites. Don’t forget to set strong, unique passwords for each account you create to avoid multiple accounts being hacked with the same information.
Caller ID spoofing
When a scammer uses caller ID spoofing, they mask the number from which they are calling to see if they can get you to answer. They may imitate a business, government agency, neighbor, or someone from your local area. Once they have you on the phone, they may pressure or threaten you into giving them personal information. They may also try to disguise themselves as a trusted source by bringing up information about you that they found on public websites or social media pages.
If you receive a call from someone requesting personal or financial information, ask for the representative’s name and hang up. Call the person or organization back using their advertised phone number to verify the conversation. If the entity has no knowledge of the conversation, you may have just avoided a scam.
Help, I’ve been spoofed!
If you feel you have been contacted or victimized by a spoofer, call your financial institution to make them aware of the information you shared. After that, contact the Federal Communications Commission’s Consumer Complaint Center at fcc.gov. This will add the incident to their database to help publicize the fraud. You may also contact your local police office to file a report to help document potential future fraud based on the information that may have been provided to the spoofer.