
What is Spoofing and How Does it Work?


Chances are that you’ve been the victim of a spoofing attempt by now. Spoofing is a type of cyberattack where someone pretends to be a trusted source so they can gain access to your personal information. In this article, you’ll learn what spoofing is, and more importantly, what you can do to keep your personal information safe.


What is Spoofing?

Spoofing is when criminals pose as a trusted source in an attempt to gain access to your personal information. The goal is usually to steal your money, although sometimes they just want to spread malware via infected links or attachments. Either way, spoofing is extremely expensive, both to individuals and to corporations.

A successful cyberattack can lead to identity theft, infected computer systems and networks, data breaches or (if you’re a company) loss of revenue.

Types of Spoofing

Cybercriminals are getting increasingly sophisticated, targeting you through social media, emails, mobile apps and phone calls.

Email Spoofing

You’ve probably received several of these emails already. They are designed to look like an email from a trusted company, such as Amazon or Netflix. The emails indicate there’s a problem with your account or that your password has been compromised, and they include a link for you to click to access your account. Of course, the email is not actually from these companies, and if you click the link and enter your details, the cybercriminals now have your information. This is also known as phishing, and it’s very popular among scammers because it’s easy and it works. Even if just a tiny percentage of the people scammers target actually click on the link, it’s worth it to them.

Certain companies are phished more often than others, with the most often impersonated companies being:

  • Google
  • Amazon
  • WhatsApp
  • Facebook
  • Microsoft
  • Outlook
  • Netflix
  • PayPal
  • Publishers Clearing House

Anytime you get an email from any of these companies, be suspicious. It could be legitimate, but it could be phishing. Do not click on the link in the email! Instead, search for the company in a web browser to see if the email is really from them. You can right-click and copy the hyperlink found in the email and paste it in a text document to see if it matches the website that shows up in search results. You can also check the hyperlink text to see if it has HTTPS, which means the connection to the site is encrypted. Another way to check is to enter the URL into Google’s Transparency Reporting tool.

These emails prey on emotions like fear or greed. Such manipulation of your emotions to give up your personal information is called social engineering.

Some common phishing examples last year included:

  • Your account has been compromised and will be deactivated unless you click on this link and confirm your account details.
  • Your account has temporarily been suspended (Click here to verify your account).
  • Receive $10 off your next purchase when you click here. Some of these are actually legitimate, so it’s best to write down whatever coupon code they give you and enter it on the company’s own website.
  • Your order is confirmed. $312 will be withdrawn from your account when your order ships.

Did you know your credit card information sells for somewhere between $12 and $20 on the dark web? Terrifying, isn’t it?

Caller ID Spoofing

Caller ID spoofing is when a caller falsifies the information transmitted through caller ID. This can make it look like the call comes from a reputable company or even a government agency. Scammers know you’re more likely to answer a call that comes from the same area code you live in, because you think it’s from someone you know, so replicating your area code is a favorite tactic.

Website Spoofing

Website spoofing is when a scammer sets up a website to mimic a trusted website, such as Amazon or PayPal. Often, you can be led to such sites by clicking the link sent in a phishing email.

ARP Spoofing

ARP stands for Address Resolution Protocol. ARP spoofing is when hackers intercept information between two devices on the same Local Area Network (LAN). Basically, it lets hackers impersonate your PC and steal all of your traffic. It is a type of man-in-the-middle attack, where someone intercepts communication between two parties in order to either use or manipulate the information.
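One way to notice this kind of impersonation on your own network, shown as an added example that is not part of the original article: compare the computer's current address table against a mapping recorded earlier. The `ip neigh` output, the addresses and the `BASELINE` mapping are all constructed for the illustration.

```python
import re
from collections import defaultdict

# Constructed `ip neigh` output; every address here is made up.
NEIGH = """\
192.168.1.1 dev eth0 lladdr aa:bb:cc:00:00:99 REACHABLE
192.168.1.23 dev eth0 lladdr aa:bb:cc:00:00:99 STALE
192.168.1.40 dev eth0 lladdr aa:bb:cc:00:00:40 REACHABLE
192.168.1.50 dev eth0  FAILED
"""
# Assumed known-good mapping recorded earlier (here, the router's real MAC).
BASELINE = {"192.168.1.1": "aa:bb:cc:00:00:01"}

ENTRY = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s.*\blladdr\s+([0-9a-f:]{17})\b", re.I)

def parse_neigh(text):
    """Map IP -> MAC for entries that have a resolved hardware address."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def arp_findings(table, baseline):
    """Flag IPs whose MAC differs from the baseline and MACs used by several IPs."""
    findings = []
    for ip, mac in baseline.items():
        if ip in table and table[ip] != mac.lower():
            findings.append(("changed", ip, table[ip]))
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        # One device can legitimately hold several IPs, so treat this as a
        # prompt to investigate rather than proof of spoofing.
        if len(ips) > 1:
            findings.append(("shared", mac, sorted(ips)))
    return findings
```

In the constructed table the router's address now resolves to the same hardware address as another device, which is the pattern left behind when one machine answers for another.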

Social Media Spoofing

Social media is often a target of phishing and cyberattacks because most people have at least one social media account. Scammers can impersonate people and gather information, which they can then use to guess your passwords. Be very wary of anyone asking for money.

How to Protect Yourself From Spoofing

Now that you know what spoofing is, how can you protect yourself against it?

Email Spoofing Protection

  • Check suspicious emails for typos and language that seems slightly off or uses poor grammar.
  • Don’t click on any links sent via email. If you have questions, go to the company’s website and see if there are any problems with your account (odds are, there won’t be).
  • Don’t open any attachments from someone you don’t know.
  • Check the sender’s address: if it seems weird or has a string of unrelated numbers and letters, it could be a scam.

If you think you have been spoofed, you can file a complaint with the FCC’s complaint center. You can also go to IdentityTheft.gov to report any information you may have lost.

Caller ID Spoofing Protection

  • Don’t answer calls if you don’t recognize the number. If it’s a legit call, they’ll leave a message and you can call back.
  • If you do pick up, don’t give out any personal information. If you don’t recognize the person, just hang up.
  • If they say they are from the IRS, the Social Security Administration, or the FBI, tell them you’ll call back. Then look up the number of the government agency and call them directly. The odds are they are not from any government agency. If they’re legit, they’ll understand.

Cell phone security is getting better at blocking spam calls, but hackers are always one step ahead. Protect yourself.

Website Spoofing Protection

  • Check the address. Legitimate companies usually use HTTPS because it’s encrypted, whereas scammers usually use HTTP because it’s not.
  • Change your passwords. Don’t use the same password for multiple websites.
  • Use multi-factor authentication.
  • Use anti-virus and anti-malware software on your computer. Set it so that it updates automatically.


Social Media Spoofing Protection

  • Consider setting your privacy settings so that only friends and family in your network can see your account.
  • Think twice before clicking on any links, even if they appear to come from friends.
  • Think twice before playing fun games that may reveal personal information about you to hackers and scammers.

Remember that Ent will never ask you to verify your account number, Social Security number, PIN or any other sensitive financial information.

With a little awareness and some extra precautions, you’ll be able to stay safe from scammers.
