Protect Yourself from Spoofing & Phishing

Spoofing

Spoofing is when someone disguises an email address, sender name, phone number, or website URL—often just by changing one letter, symbol, or number—to convince you that you are interacting with a trusted source.

Criminals count on being able to manipulate you into believing that these spoofed communications are real, which can lead you to download malicious software, send money, or disclose personal, financial, or other sensitive information.


Phishing

Phishing schemes often use spoofing techniques to lure you in and get you to take the bait. These scams are designed to trick you into giving information to criminals that they should not have access to.

In a phishing scam, you might receive an email that appears to be from a legitimate business and is asking you to update or verify your personal information by replying to the email or visiting a website. But once you click on that link, you are sent to a spoofed website that might look nearly identical to the real thing—like your bank or credit card site—and asked to enter sensitive information like passwords, credit card numbers, banking PINs, etc. These fake websites are used solely to steal your information.


How to Protect Yourself from Spoofing and Phishing

  • Remember that companies generally do not contact you to ask for your username or password.
  • Do not click on anything in an unsolicited email or text message. Look up the company’s phone number on your own (do not use the one a potential scammer is providing) and call the company to ask if the request is legitimate.
  • Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
  • Be careful what you download. Never open an email attachment from someone you do not know and be wary of email attachments forwarded to you.
  • Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
  • Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.