It’s your credit union or bank on the line asking for your account information – or is it? It may actually be a spoofing scam!
Let’s take a look at spoofing, how it works and red flags that can alert you to a possible spoofing scam.
What is spoofing?
Spoofing is the criminal act of disguising a communication from an unknown source to appear as if it’s being sent from a trusted and known contact. The ultimate goal of spoofing is to get the target to share their sensitive information and/or their money with the scammer. For example, a spoofer may pretend to represent a victim’s credit card company and lead them into sharing their account details.
Types of spoofing
Cybercriminals have a variety of ways to pull off their spoofing. Here are the more common forms:
1. Email spoofing
In email spoofing, an attacker sends an email message that appears to be from a known or trusted source. The emails often include links to harmful websites or attachments that will infect the victim’s device.
2. IP spoofing
In IP spoofing, an attacker tries to gain access to a system by sending messages via a bogus or spoofed address appearing to be from a recognized, trusted source, such as one on the same internal computer network.
3. Caller ID spoofing
Here, attackers make a phone call to a target that appears to be from a known caller. The scammer will often pose as the victim’s bank or credit union. The victim, believing they are speaking with a representative of their financial institution, will not hesitate to disclose their account information and passwords.
4. Facial spoofing
In this most recent form of spoofing, a scammer uses a photo or video of a target’s face to simulate their facial biometrics. This enables them to unlock accounts that can only be opened by facial recognition.
5. Website spoofing
In website spoofing, a scammer creates a bogus site that looks just like a reputable site the victim frequents. Attackers lure victims to this site to steal their login credentials and personal info.
6. Text-message spoofing
In this scam, also known as smishing, a victim gets a text message on their personal device that appears to have been sent from a trusted source, such as the victim’s financial institution, place of work or doctor’s office.
Deepfakes and spoofing
Deepfakes is a relatively new and dangerous tool for spoofers. A deepfake is a fake image, video or audio clip that has been edited to appear authentic. For example, a scammer may create a deepfake video using an image and audio recording of a celebrity to make it appear as if they are telling you to open a link or support a specific cause.
Protect yourself
Spoofing is a formidable danger for consumers across the economic spectrum, but with the right tools and knowledge, you can avoid falling victim to these scams. Here’s how to protect yourself from a spoofing attack:
- Turn on your email’s spam filter and mark incoming suspicious emails as spam.
- Use two-factor authentication and/or biometric logins when possible.
- Use strong, unique passwords across all of your accounts.
- Make sure your device’s security system is at its strongest setting and uses the most updated patches.
- Never click on links or open attachments from an unverified source.
- Never share personal information online or over the phone with an unknown contact.
- If you’re allegedly contacted by your financial institution and asked to provide your login credentials or account details, don’t respond. Contact your credit union or bank directly to ask about any possible issues with your account.
- Don’t take phone calls at face value, even with caller ID. If you suspect foul play, Google the phone number presented on the caller ID to see if it’s associated with scams.
- Identify deepfakes by looking for small details. Zoom into the image or video and verify if the words and lip movements are in sync. Look for lip color that looks unnatural, unrealistic facial hair, exaggeratedly wrinkled or smooth skin and non-existent moles.
Red flags
Look out for these red flags that can alert you to a possible spoofing attack:
- Websites with a URL that’s similar to the URL of a reputable site.
- Websites riddled with typos, unusual syntax and spelling errors.
- An alleged rep of your credit union or bank asks you to call a number that’s not associated with your financial institution.
- You’re asked to share your login credentials or account number with an unverified contact.
- Familiar corporate branding, such as logos, colors and call-to-action buttons in messages requesting you take action that’s out of the ordinary.
As a reminder, Market USA will never contact you to ask for your account information. This includes your passwords, credit card numbers, or any other sensitive data that you use to access our website or service. If you receive any suspicious emails, calls, or messages claiming to be from us and requesting such information, please do not respond and report them to us immediately.
Market USA Federal Credit Union is a full-service financial institution with locations in Maryland and South Carolina as well as nationwide locations through the Shared Branch Network.