What is Spoofing?

Spoofing is a type of scam in which criminals attempt to obtain someone's personal information by pretending to be a legitimate business, a neighbor, or some other innocent party.

Key Takeaways

  • Spoofing to trick you into divulging personal information can be done through email, text messages, caller ID, even GPS receivers.
  • Be skeptical of any request for personal information, download files only from trusted sources, and install antivirus software.
  • If you think you’ve been spoofed, file a complaint at the FCC's Consumer Complaint Center; if you've lost money, also contact the local police.

How Spoofing Works

There are several kinds of spoofing, including email spoofing, text message spoofing, caller ID spoofing and URL and GPS spoofing. In short, if there's a form of online communication, spoofers are trying to scam their way into it—and into your identity and your assets.

Email spoofing

Sometimes referred to as phishing, this tactic is used by both dishonest advertisers and outright thieves. The spoofer sends out emails with a falsified “From:” line to try to trick victims into believing that the message is from a friend, their bank, or some other legitimate source. Any email that asks for your password, Social Security number, or any other personal information could be a trick.

Text message spoofing

Sometimes referred to as smishing, this is similar to email spoofing. The text message may appear to come from a legitimate source, such as your bank. It may request that you call a certain phone number or click on a link within the message, with the goal of getting you to divulge personal information.

Caller ID spoofing,

Here, the spoofer falsifies the phone number from which they are calling in hope of getting you to take their call. On your caller ID, it might appear that the call is coming from a legitimate business or government agency, such as the Internal Revenue Service. (Note that the IRS says it doesn't call taxpayers to tell them they owe taxes without first sending them a bill in the mail.)

Spoofing comes in many forms, but the goal is usually to trick people into divulging personal information that criminals can use.

Neighbor spoofing,

This is a type of caller ID spoofing in which the call will appear to be from someone you know or a person who lives near you. The Federal Communications Commission (FCC) says that the Truth in Caller ID Act prohibits "anyone from transmitting misleading or inaccurate caller ID information with the intent to defraud, cause harm or wrongly obtain anything of value." If they're caught (and that's a big "if"), the spoofer can face penalties of up to $10,000 for each violation.

URL spoofing

is when scammers set up a fraudulent website to obtain information from victims or to install malware on their computers. For instance, victims might be directed to a site that looks like it belongs to their bank or credit card company and be asked to log in using their user ID and password. If the person falls for it and actually logs in, the scammer could use the information the victim typed in to log into the real site and access their accounts.

GPS spoofing

has a somewhat different purpose. It attempts to trick a GPS receiver into believing it is in a different location or headed in a different direction, by broadcasting bogus GPS signals or other means. At this point, GPS spoofing is more likely to be used in warfare or by gamers than to target individual consumers, although the technology exists to make anyone vulnerable.

How to Handle Spoofing Attempts

Be skeptical whenever you receive a message asking for personal information and download files only from trusted sources. Install antivirus software any computers you use and keep it up to date.

If you get an inquiry seeking personal information, don’t provide it. Hang up (or log off) and then look up the phone number or customer service email address from the entity purportedly contacting you for your personal information.

If you think you’ve been spoofed, you can file a complaint at the FCC's Consumer Complaint Center. The FCC doesn't act on individual complaints but will add that information to its database. If you've lost money because of spoofing, the FCC recommends contacting your local police.