ֱ

Spoofing

Spoofing – Look Out for Scammers in Disguise

Spoofing is the creation of messages with a forged sender address or name. This makes a message appear as if it originated from one source, when it actually was sent by another. For example, the scammer/phisher disguises an email address, sender name, phone number, or website link with something else that you are likely to trust. This is done to convince you that you are interacting with a legitimate person, company, or website.

You can see an example of email spoofing below. In this case, the sender’s email address appears to be the same address as the recipient’s. This gives off the illusion that the scammer has access to your account and is sending messages from it. In this case, no suspicious behavior was detected on the account, meaning that the scammer simply spoofed their email address and did not have control over the account.

A screenshot of a computer

Description automatically generated

Scammers can also spoof phone numbers. The caller ID can say the call or text is from your bank or a person you may know, even though it's not. They do this to trick people into providing their personal or financial information, or to get you to send money. Even if your caller ID says a call or text is from Chase bank (for example), it could be a scam. When in doubt, hang up and contact them directly from a known and trusted number.

How Can I Recognize Spoofing?

STOP and look carefully at the email addresses, sender names, phone numbers, or website links that are included in a message. Examine them closely and look for anything unusual. If you can’t tell where a message actually comes from, it is best to not respond to it.

For example: the caller ID may claim that your boss is calling you, but the phone number may be completely different than your boss’s real number. You may also be asked to click a link that claims to lead to a trustworthy website, but when you hover your cursor over it, you may see that it leads to a completely different site that.

Cybercriminals want you to believe these spoofed communications are real to lead you to download malicious software, send money, gift cards or disclose personal, financial, or other sensitive information. By recognizing spoofing, you are able to stop their plan and protect yourself!

Remember:

  • Since emails can be spoofed, it’s a good habit to “DZ” your cursor over an address before replying. If the email doesn’t match the sender’s name, report it to phish@kent.edu.
  • Links in email, texts and online posts are often the way cybercriminals compromise your computer and much more.
  • If you're unsure who an email is from, even if the details appear accurate DO NOT respond, and DO NOT click on any links or attachments found in that email.
  • Reputable companies should not contact you and ask you for your username or password.
  • ALWAYS examine the email address, URL and spelling used in any correspondence you receive.

Learn to Recognize 'Spoofing' and 'Phishing'

Scammers will try to trick you into giving them your passwords, Social Security number or other sensitive information to get access to your accounts or steal your identity.

They could do this through a call, email, text or fake websites. Learn more about their methods and how to protect yourself.