Spoofing Scams


Spoofing Scams

This scam has a funny name, but the results can be serious. Criminals involved in online or phone spoofing try to gain your trust by making you believe they are from a legitimate source. So please don't fall for it! Here's what you must watch out for and ways to stay protected.

Email and Website Spoofing

Popular with scammers, email and website spoofing are part of many phishing schemes in which criminals try to earn your trust by pretending to be a business or organization you know. For example, you may receive an email with a logo and other details you recognize. But practice caution and look closely at the communication. Telltale signs of email spoofing include impersonal language, a slight variation in the sender's website address, and typos.

Your Social Security number is especially valuable to an identity thief, and they will try all sorts of schemes to trick you into revealing it.

Caller ID Spoofing

Another scam is caller ID spoofing. Chances are, you've already been targeted by this scheme. Using readily available technology, criminals can show ANY name or phone number they want on YOUR caller ID, making you more likely to answer.

Scammers can display your town or area code or even the first few digits of your phone number so that a caller appears local when they're far away. They may pose as a government agency like the Department of Veterans Affairs, a charity like the American Red Cross, or a company you do business with. One type of caller ID spoofing is where a criminal, posing as a representative from the Social Security Administration, calls you. The imposter says there's been a computer problem, and they need to confirm your Social Security number.

Be on the lookout for robocalls, suspicious business offers, requests for personal information, or anyone pressuring you to give out information or make a payment.

How to Protect Yourself

To avoid falling for a spoofing scam, you can do the following:

  • Be wary of email requests for personal or financial information – even if they appear to be from a business you know.
  • Don't reply, download attachments, click links, or log in to a linked website, which could be a dummy site designed to capture your online account information.
  • Don't automatically trust your caller ID. Verify phone and email requests by contacting the organization via their website or publicly listed phone number.
  • Delete suspicious emails right away.
  • Don't be afraid to hang up the phone.
  • Don't comply with requests for personal or payment information unless you initiate the conversation.

Remember: Legitimate businesses like your financial institution will NEVER reach out to ask for your account information or pressure you to act immediately.

What to Do If You’ve Been the Victim of a Scam

Here are some steps to take if you've been scammed:

  • Contact your financial institution right away if your accounts were compromised.
  • Change your online account logins. Use two-factor authentication to secure your accounts.
  • Within two to six weeks, check your credit report at AnnualCreditReport.com for signs of identity theft – like unfamiliar loan applications – and contact credit reporting agencies if you spot fraudulent activity. The three major credit reporting agencies are TransUnion, Equifax, and Experian. They can help you take steps to protect your information.
  • Report the scam to the U.S. Office of the Inspector General at OIG.SSA.gov/report.

Be alert for spoofing scams and know the tricks that criminals use so that you can see through their disguise.