Phone Number Spoofing
Scammers are using fake caller ID information to trick you into thinking they are someone local, someone you trust – like a government agency or police department, or a company you do business with – like your bank or cable provider. Don’t rely on caller ID to verify who’s calling. It can be nearly impossible to tell whether the caller ID information is real.
Source: United States Federal Trade Commission, www.ftc.gov
Website Spoofing
In a social engineering attack, an attacker uses human interaction to manipulate a person into providing them information. People have a natural tendency to trust.
Social engineering attacks attempt to exploit this tendency in order to steal your information. Website spoofing is the act of creating a fake website to mislead individuals into sharing sensitive information. Spoof websites are typically made to look exactly like a legitimate website published by a trusted organization.
Prevention Tips:
- Pay attention to the web address (URL) of websites. A website may look legitimate, but the URL may have a variation in spelling or use a different domain.
- If you are suspicious of a website, close it and contact the company directly.
- Do not click links on social networking sites, pop-up windows, or non-trusted websites. Links can take you to a different website than their labels indicate.
- Typing an address in your browser is a safer alternative. Only give sensitive information to websites using a secure connection. Verify the web address begins with "https://" (the "s" is for secure) rather than just "http://". Avoid using websites when your browser displays certificate errors or warnings.