What is Spoofing?

Reading Time: 4 minutes
Highlights
In this article

When someone or something pretends to be something else in an attempt to gain access to your personal information, it’s called spoofing. Learn more about the different types of spoofing, how to recognize spoofing and safety measures you can take. [Duration - 1:32]

Highlights:

  • Spoofing occurs when someone creates a fake identity in an attempt to gain access to your personal information.
  • Spoofing can occur across many different platforms. Spoof calling and caller ID spoofing are common strategies used to target and steal personal information.
  • Be cautious of unexpected calls from numbers you don’t recognize. If you receive a call from an unknown number that is nearly identical to your own, it’s highly likely that the call is from a scammer.

Spoofing occurs when someone creates a fake identity in an attempt to gain access to your money or personal information. Spoofers use many different strategies to contact you, including emails, texts and phone calls.

Common forms of spoofing

Spoofing attacks can occur across a variety of platforms. Some of the most commonly used methods include:

  • Phone call spoofing. Spoof calling is when the hacker uses an app or a piece of hardware to falsify their caller ID and phone number. It’s one of the most common methods used to target and steal personal information.

    Scammers may also fake the number of a government agency or company you know and trust, such as your power company or auto insurance provider. If you answer, they may use a script to impersonate a government official or customer service representative and attempt to gain access to your personal information.
     
  • Text spoofing. Similar to phone call spoofing, text spoofing involves a hacker using an app or website to mimic a phone number and contact you via text. Oftentimes, the text is what’s known as a smishing scam, meaning it may contain a link that, when clicked, can install malware on your device or ask you to input your private information.
     
  • Email spoofing. This type of spoofing occurs when hackers imitate emails that appear to be from organizations or companies you may commonly interact with, such as the U.S. Postal Service or a popular retailer. The email may include call-to-action messages; for example, a spoofer might indicate that your packages were not delivered or that one of your social media accounts has been locked. The most sophisticated email spoofs typically mimic the logos and graphics of these trusted organizations and aim to hide the fact that the email originated from a fraudulent source.
     
  • DNS spoofing. The Domain Name System (DNS) is like the “phonebook of the Internet.” When you access a website, DNS translates the domain or hostname you entered into a machine-friendly Internet Protocol (IP) address. IP addresses help your browser load pages more quickly and speed up your overall internet access. However, sometimes hackers are able to enter false information into a DNS cache, redirecting users to the wrong websites. This type of spoofing, also known as DNS cache poisoning, leads users to think they are going to a familiar website when they are actually being redirected to a fake site created by the hacker.
     
  • IP spoofing. This type of spoofing aims to hide the identity of the attacker and/or impersonate another computer system. IP spoofing is often used to access networks that authenticate users based on IP addresses, or to hijack a user’s computer session. It is also a crucial part of a distributed denial-of-service (DDoS) attack, which bombards its target with traffic until the system is overwhelmed with data and goes offline.
     
  • Website spoofing. In the case of website spoofing, hackers create a fake malicious website, typically with convincing, fully designed webpages that may even include digital certifications and password reset instructions. The goal is to trick visitors into thinking that they’re using a legitimate website. Links to these sorts of fake websites may be sent out via phishing links in emails or smishing links in text messages.
     

How to recognize spoof calling

Caller ID spoofing or call spoofing is one of the most common methods scammers use to access your personal information. In these circumstances, spoofers call you while mimicking your area code and sometimes the first three digits of your phone number. Because of the similarities with your own number, it may appear that the call is coming from someone you know nearby even though it’s from a stranger.

It’s extremely important to use caution around unexpected calls. If you receive a call from an unknown number that is nearly identical to your own, it’s highly likely that the call is from a scammer. It’s good practice to ignore the call and let it go to voicemail. Most legitimate callers will leave a message. Scammers, on the other hand, may leave suspicious-sounding automated messages or no message at all. Also, avoid calling back unfamiliar numbers when you can.

If you do decide to take the call, avoid answering “yes” or “no” to any questions. Some scammers may ask questions like “Can you hear me?” and then monitor the line for your answer. Unbeknownst to you, your answers may be recorded and later used to pose as you and gain access to your sensitive information.

Other measures you can take against spoofing

  • Learn the warning signs of phishing and spoofing scams. Protecting yourself against scams starts with recognizing the warning signs. Many government agencies such as the Federal Communications Commission (FCC.gov) and the Consumer Financial Protection Bureau (CFPB.gov) provide tips on how to better protect your personal information. You can also check out the identity theft resources available in the Equifax Knowledge Center to learn more about phishing and other common scams.
     
  • Don’t open or click anything from a suspicious message. Whether it be emails, texts or another form of communication, never click on any unsolicited links sent to you. Keep an eye out for any portions of a message that seem suspicious, and delete strange messages immediately. If you’re not sure whether an email from a company you know is legitimate, find the company’s contact information online and reach out to them separately.
     
  • Prioritize privacy online. Share as little of your personal information as possible on the internet. Avoid posting private details such as your full name, birthdate and home address on social media, and make sure you have secure passwords in place for all of your online accounts. Anytime you access a website and enter login information, double check that the URL is accurate to ensure you are accessing a legitimate website.
     
  • Monitor your credit reports and scores. Regularly review your credit reports and credit scores to make sure that the information is accurate and complete, and there are no signs of fraud or identity theft.

    For a free monthly VantageScore 3.0 credit score and Equifax credit report, create a myEquifax account and click "Get my free credit score" on your myEquifax dashboard to enroll in Equifax Core Credit™. A VantageScore is one of many types of credit scores. You can also get free credit reports annually from the three nationwide consumer reporting agencies (CRAs)—Equifax, TransUnion and Experian—at AnnualCreditReport.com. If your credit scores take an unexpected dip or you see something suspicious on your credit reports, consider placing a fraud alert or security freeze on your credit reports with the three nationwide CRAs.
     

While it may be impossible to avoid spoofing altogether, you can take these steps to stay alert and help protect your personal information from falling into the wrong hands.

Equifax Credit Monitoring

Sign up for a credit monitoring & ID theft protection product today!

For $19.95 per month, you can know where you stand with access to your 3-bureau credit report. Sign up for Equifax CompleteTM Premier today!

Learn More