Diff: Spoofing

Comparing revision #1 (2023-06-12 16:08:06) with revision #2 (2026-06-22 19:20:39).

'''Spoofing''' is the act of making a message, call, network packet, website, address or identity appear to come from somewhere else. It is used in legitimate testing and administration, but it is also common in fraud, phishing, malware delivery and network attacks.
Spoofing refers to the practice of falsifying or manipulating information to deceive recipients about the origin or identity of a communication. In the context of communication systems, spoofing can occur in various forms, such as email spoofing, IP spoofing, and caller ID spoofing. This wiki page focuses on the use of spoofing by scammers, particularly in phone systems.
The common point is false origin. A spoofed call may show a trusted number, a spoofed email may appear to come from a known organisation, and a spoofed network packet may carry a forged source address.
== Caller ID Spoofing ==
== Caller ID Spoofing ==
Caller ID spoofing is a technique used by scammers to manipulate the caller ID information displayed on the recipient's phone. By falsifying the caller ID, scammers can make it appear as if the call is coming from a different phone number, which could be a legitimate business, government agency, or even a familiar contact. This deception aims to gain the trust of the recipient and increase the likelihood of the scam's success.
Caller ID spoofing changes or falsifies the number shown to the person receiving a call. The Federal Communications Commission describes it as deliberately falsifying caller ID information to disguise identity.
== Common Scams Involving Spoofing ==
Scammers employ various techniques and scams that leverage caller ID spoofing to deceive and defraud unsuspecting individuals. Some common scams involving spoofing include:
Scammers use caller ID spoofing to impersonate banks, police, government departments, delivery firms, relatives, employers or local numbers. The displayed number is therefore not proof that the call is genuine.
=== 1. Impersonation Scams ===
Scammers may spoof the caller ID to impersonate a trusted entity, such as a bank, government agency, or tech support representative. They often use fear tactics, such as claiming that the recipient's account has been compromised or that legal action will be taken unless immediate action is taken. This can lead victims to disclose sensitive personal information or make fraudulent payments.
== Email and Message Spoofing ==
Email spoofing makes a message appear to come from a person, business or domain that did not actually send it. It is often used with phishing links, invoice fraud, malware attachments and business email compromise.
=== 2. Robocalls and Telemarketing Scams ===
Robocalls are automated phone calls that use spoofed caller IDs to deliver pre-recorded messages to a large number of recipients. Scammers may employ tactics such as offering fake prizes, promoting fraudulent products or services, or attempting to extract financial information. These scams can be highly disruptive and target vulnerable individuals.
Text-message spoofing and smishing can also make a message appear inside a real conversation thread. This can make bank, delivery or authentication-code scams more convincing.
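Review bot: The sentence "Text-message spoofing and smishing can also make a message appear inside a real conversation thread" treats two different things as one. Smishing is phishing delivered by text message; it is the spoofed sender ID that causes a phone to file the message in an existing thread from the real sender. Suggest splitting it: first say that a spoofed sender ID can place a message in a genuine thread, then say that smishing uses this to make bank, delivery or authentication-code scams more convincing.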
=== 3. Romance Scams ===
Spoofing can be used in romance scams, where scammers create fake personas and manipulate caller ID to establish a false sense of trust. Victims may receive calls from the supposed romantic interest, further reinforcing the illusion of a genuine relationship. The scammer may eventually request money for various reasons, leading to financial loss for the victim.
== Network Spoofing ==
In networking, spoofing can involve forged IP addresses, ARP spoofing, DNS spoofing or other attempts to make traffic appear to come from a trusted source. NIST's cybersecurity glossary describes spoofing in terms of faking a sending address or inducing a user or resource to take incorrect action.
== Legality and Mitigation ==
The legality of caller ID spoofing varies across jurisdictions. In some regions, it is illegal to spoof caller IDs for fraudulent or malicious purposes. However, the enforcement of these laws can be challenging due to the global nature of the internet and telecommunication networks.
Network spoofing can be used for denial-of-service attacks, man-in-the-middle attacks, traffic redirection and access attempts.
To mitigate the risks associated with caller ID spoofing and scams, several measures can be taken:
== Protection ==
Useful protection depends on the type of spoofing. For calls, a person should verify important requests using a known number or official channel. For emails and messages, links and attachments should be treated carefully, especially where money, passwords or urgency are involved.
* Awareness and Education: Individuals should be aware of the existence of caller ID spoofing and the associated scams. Educating oneself about the techniques scammers use can help recognize and avoid falling victim to such scams.
* Caller Verification: When receiving calls, it is essential to verify the identity of the caller independently. Avoid sharing personal information or making financial transactions based solely on information provided by the caller.
* Call Blocking and Filtering: Utilize call blocking and filtering services or apps that can help identify and block potential scam calls. These tools can be effective in reducing unwanted calls and potential scam attempts.
* Report and Inform: If you receive a spoofed call or believe you have encountered a scam, report the incident to your local authorities, as well as any relevant telecommunications regulatory bodies. Sharing information about scams and spoofing incidents can help raise awareness and assist in tracking down scammers.
For organisations, controls include domain authentication, mail filtering, call-screening tools, network monitoring, secure DNS configuration and staff training. These controls reduce risk but do not remove the need for human checking.
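Review bot: In the organisations sentence, "domain authentication" and "call-screening tools" are too general for a reader to act on, and the References list links the FCC caller ID authentication page without any body text that uses it. Suggest naming the mechanisms meant, for example SPF, DKIM and DMARC for mail domains and the STIR/SHAKEN caller ID authentication framework for calls, and citing that FCC page at that point.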
== See Also ==
== See Also ==
* [[Scambaiting]]
* [[Phishing]]
* [[Cybersecurity]]
* [[Email Spoofing]]
* [[Phishing|Phishing Scams]]
* [[Internet Security]]
== References ==
* [https://www.fcc.gov/consumers/guides/spoofing Federal Communications Commission: caller ID spoofing]
* [https://www.fcc.gov/call-authentication Federal Communications Commission: caller ID authentication]
* [https://csrc.nist.gov/glossary/term/spoofing NIST CSRC glossary: spoofing]
* [https://www.ncsc.gov.uk/collection/phishing-scams National Cyber Security Centre: phishing scams]
* [https://www.gov.uk/report-suspicious-emails-websites-phishing GOV.UK: report suspicious emails, websites and phishing]
[[Category:Cybersecurity]]
[[Category:Fraud]]
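Review bot: The statements attributed to the Federal Communications Commission (under Caller ID Spoofing) and to NIST's cybersecurity glossary (under Network Spoofing) carry no inline citation; the sources appear only as a bulleted list under References. Suggest attaching each source to the sentence it supports with a footnote reference. The NCSC and GOV.UK links are not tied to any sentence either, so cite them from the Email and Message Spoofing or Protection text, or move them to an external links list.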