Spoofing Scams & Fraud

Email spoofing scams are when emails are sent, often seemingly from legitimate businesses, but with false sender addresses. In a lot of cases, these emails seem to be valid emails from the business, with the scammer using the “From:” line to trick their victims into believing that the message is from a verified source. Remember that any email which asks for you to submit additional sensitive information is likely to be a spoofing scam. 

Email spoofing scams will likely include a number of features which, once you are familiar with them, make them much easier to spot. These include:

• False sender addresses which appear to be from someone who you know or a business you trust. 
• Missing sender details, or information that is hard to find or concealed within the email.
• Uses familiar corporate branding, such as colours, logos and wording, however, it might be outdated.
• You may notice spelling mistakes, bad grammar, unusual syntax or heightened formalities, such as “Good day Sir”.

With caller ID spoofing scams, the scammer will falsify a legitimate number in an attempt to bait you into answering the call. The number may appear on your display or be linked to show a suggested name, one which you would be more likely to trust, as a prompt to answer. This is a popular technique used by telemarketing companies, as well as scammers, to try and get you to purchase or invest in a product or service. As well as this, there is also an ID scam called neighbour spoofing, which is where scammers will impersonate someone you know or a person from the local area.

Text messaging scams, or SMS spoofing scams, follow similar patterns to email spoofing scams. The messages will initially appear to be coming from legitimate sources, such as your bank or a postage/shipping company. The message may request you to click on a link to reschedule a delivery or warn that there has been concerning activity within your account. Victims may then be redirected to a false site, or be sent to a payment portal. 

There is also a growing trend with this type of spoofing scam in that scammers are sending messages from an unknown number pretending to be a family member, such as a mum or child, and encouraging you to make conversation with them or send them money due to an unforeseen emergency. This plays on the social engineering aspect by using emotion to influence decisions. 

Website, or URL, spoofing scams occur when scammers create and set up a fraudulent site in an attempt to get information or money from victims or look to install malicious malware on their devices. Website spoofing scams will direct users to a website which looks like it belongs to their banking platform or energy provider and then ask them to provide their user ID and password. If the person logs in, then the scammer has the login credentials they entered and can then use this information to access multiple other platforms.

Spoofing scams can be highly sophisticated, so it is important that to avoid falling victim, you pay close attention to the details and trust your instincts. Be aware of accessing websites that have no SSL certificate (URLs without the padlock symbol), or URLs which begin with HTTP instead of HTTPS. 

With email spoofing scams, if you’re not sure about the legitimacy of the email, check the sender’s address and keep in mind that these scammers will use domains and addresses which look similar to legitimate emails. You can always copy and paste the email and search it online if you aren’t sure to see if anyone else has reported the email. 

In the UK, spoofing scams aren’t illegal, but perpetrators of certain forms of spoofing scams are subject to heavy fines. Compared to the US, where spoofing scams are an illegal activity, UK law still has some way to go in terms of how it deals with nuisance and resilient scammers. It has, however, been seen before that scammers who use call spoofing scams have been given large fines, depending on the severity of the scam activity.

Because spoofing scams aren’t illegal, a lot of victims feel as though they can’t do anything about it, but this isn’t the case. We recommend that, if you have been the victim of a spoofing scam, you get in touch with us to arrange a free consultation and see what we can do for your recovery case.

The terms spoofing and phishing are often used interchangeably, but they do mean different things. Spoofing is where there is a level of disguise, so the use of a fake email address, display name, website or phone number is used to trick victims into thinking that they are dealing with a legitimate and trusted source.

Phishing is used to trick potential victims into providing personal information and data which can then be used for identity theft. Many phishing criminals tend to lean on and use spoofing tactics to trick victims into believing that they are sharing their information with a trusted recipient.

There is nothing new about spoofing scams – they are a long-standing and highly common form of online scam. The word “spoof” actually dates back over a century and references trickery and deception, which is exactly what spoofing scams involve. Caller spoofing scams have been used for years by telemarketing companies, but different types of spoofing scams are becoming more complex and sophisticated, meaning that there are different types of scams which are gaining popularity with scammers.