Spoofing (identity deception) means an attacker falsifies an email's sender identity, a phone number, or a website to appear as a trusted source and trick you into sharing information. One example is a fake address in the “From” field of an email. Spoofing is a deception technique behind many types of cyber threats and fraud attacks.
What is the goal of spoofing?
- The goal is to deceive the recipient into believing a website, email, message, or call comes from a known and legitimate person or organization.
- Spoofing is often used as a tool to launch other attacks, including phishing.
What types of spoofing do small and medium businesses face most often?
- Email spoofing: Falsifying the sender in an email so the message looks like it came from a trusted person or organization (e.g., a CEO or business partner). This helps enable phishing or Business Email Compromise (BEC).
- Domain spoofing: Imitating an entire website by creating a domain name that looks very similar to the real one (e.g., with a small change) to mislead visitors.
- Caller ID spoofing: Faking a phone number so the caller appears to be a bank, government agency, or other trusted institution, often used in vishing (voice phishing).
- SMS spoofing: Fraudulent text messages posing as official communications from banks or services, often used in smishing (SMS phishing).
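A defender-side check for the email and domain spoofing cases listed above, as an added example that is not part of the original page: it reads the “From” field of a message and flags sender domains that differ from a trusted domain only by a small change. The trusted-domain list, the character map, the distance threshold and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this organisation actually corresponds with (constructed).
TRUSTED_DOMAINS = {"example.com", "example-bank.com"}

# Characters often swapped in so a name looks right at a glance (constructed map).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o"})  # Cyrillic a, e, o


def skeleton(domain):
    """Reduce a domain to a comparison form that ignores common substitutions."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m")


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(raw_message, max_distance=2):
    """Return (verdict, from_domain, trusted_domain_it_resembles)."""
    _, address = parseaddr(message_from_string(raw_message).get("From", ""))
    if "@" not in address:
        return ("missing", "", None)
    domain = address.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        # The name matches, but the From field itself can still be falsified.
        return ("exact", domain, domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(skeleton(domain), skeleton(trusted)) <= max_distance:
            return ("lookalike", domain, trusted)
    return ("unknown", domain, None)


if __name__ == "__main__":
    # Constructed sample messages.
    for sender in ("ceo@example.com", "ceo@examp1e.com", "alerts@example-bnak.com"):
        print(classify_sender(f"From: Sender <{sender}>\nSubject: Invoice\n\nbody"))
```

A "lookalike" verdict is a reason to hold the message for review; an "exact" verdict only says the name is spelled correctly, not that the sender is genuine.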
What is the difference between spoofing and phishing?
- Spoofing is often part of phishing attacks, where a faked email or phone call is used to trick a victim into giving up sensitive information, identity data, or money.
- Spoofing is a technical manipulation focused on faking identity details to enable further fraud.