The UK’s community bank, Metro Bank, is offering consumer guidance about the rise in spoofing scams. Spoofing is the act of disguising a communication, so that it appears to be from a known trusted source but is designed to enable a scammer to defraud you.
Spoofing takes place in various forms and can apply to websites, emails, phone calls and text messages. Spoofing can sometimes be easy to spot, but not always as fraudsters are carrying out more sophisticated spoofing attacks that require vigilance. Being aware of different spoofing methods and their signs can help you avoid being a victim.
“With a rise in both authorised push payment scams and card scams – it is important that customers are extra vigilant about the contact they are receiving,” explains Adam Speakman, head of fraud and investigations at Metro Bank. “Criminals are experts at impersonating people, organisations and the police so it can be difficult to spot scam texts, emails and phone calls.”
How to Spot Spoofing
Email Spoofing
The spoofer sends out emails with a falsified “From:” line to try to trick victims into believing that the message is from a legitimate source. Any email that asks for your password, or any other personal information could be a trick.
Text Message Spoofing
Like email spoofing, a text message may appear to come from a legitimate source. It may request that you call a certain phone number or click on a link within the message, with the goal of getting you to part with personal or confidential information.
Website Spoofing
Here a website is designed to mimic an existing site known and/or trusted by the user. Fraudsters use these sites to gain login and other personal information from users.
Phone number Spoofing
Fraudsters falsify phone numbers from which they are calling in hope of getting you to take their call. On your caller ID, it might appear that the call is coming from a legitimate business or government agency.
How to protect yourself
- Examine all communications, look out for poor spelling, incorrect or inconsistent grammar - these errors are often indicators of spoofing.
- Double-check the URL address of a website or the email sender address.
- Be alert to and do not click on links and attachments in unexpected text messages or emails.
- Use a different form of communication to confirm that the information you received is legitimate – e.g. if you receive a request/invoice via text or email, call the company or individual to confirm.
- Do not take phone calls at face value; be wary of callers requesting personal information.
- Do not be rushed into making a decision, if something doesn’t seem right, hang up and call back using a number you know to be legitimate.
- Do not respond to requests for money or important personal information such as bank details or passwords.