What is (and how to defend against) the spoofing scam

Since the dawn of time, scammers have tried to take advantage of the inexperience, ignorance and naivety of others to their advantage. Today, scammers combine deception with technology to create an unprecedented monster, lo spoofing which is added to the phishing. Spoofing is on the Cambridge dictionay “The act of making someone believe something that isn’t true. A joke”. Unfortunately, there is nothing funny about online spoofing and you have to be very careful. In practice the hacker with spoofing, they intercept our communications to trick users into believing that the email comes from someone they know or can trust – in most cases, a colleague, supplier or company. Using this trust, the attacker asks the recipient to disclose information or take some other action, such as clicking on an external site.

How does spoofing work?

«Spoofing is an” old “technique as much as the internet, but still very effective. Put simply, it is the art of imitating someone or something (in the sense of organizations such as banks or other entities) in an attempt to gain our trust, gain access to our systems, steal data, money or spread malware “, we explains Pierguido Iezzi, cybersecurity expert.

Pretending to be someone you are not is the oldest deception in the world. One thing that is enough to make us let our guard down and convince us to give information or take some kind of action. “For example, a spoofed email from Amazon asking about purchases we have never made is a powerful psychological lever that could convince us to click on a malicious link. From that malicious link, scammers will send us to a web page with a malware download or a forged login page, complete with a familiar logo, precisely for the purpose of collecting our username and password, “continues Iezzi.

A popular technique with impressive data: 3.1 billion spoof emails are sent every day, and over 90% of cyber attacks start with an email message. In 2019, the FBI reported that 467,000 cyber-attacks were successful, and 24% of them were email-based. Spoofing and phishing emails have had a worldwide impact that has been estimated at a cost of $ 26 billion since 2016.

«This technique, as mentioned, is” old “, but has found new lifeblood in the digital revolution – continues Iezzi. All of us on a daily basis, without even noticing, share an incredible amount of data, personal and otherwise. Inevitably, some of this data can be used as a “weapon” against us: for example, to write more and more authentic and refined spoofing messages ».

How to Protect Yourself from Email Spoofing

Unfortunately, even with an effective antivirus some malicious e-mail messages still reach the user’s mailbox. There are several steps you can take to avoid becoming a victim of email fraud. Here they are, point by point.

• Never click on links to access websites where you are asked to authenticate. Always type the official domain in the address bar of the browser and authenticate directly on the site.
• Copy and paste the contents of a suspicious email message into a search engine. Text used in a common phishing attack is likely to have already been reported and posted on the Internet.
• Be wary of who goes there when you receive an email that appears to come from an official source, but has spelling or grammar errors.
• Avoid opening attachments from suspicious or unknown senders.
• Emails promising money – or anything else that is too good to be true – are likely a scam.
• Pay attention to emails that create a sense of urgency or danger. Phishing and BEC attacks often try to short the recipients’ natural skepticism by suggesting that something bad will happen if they don’t act quickly. Treat links in emails with extra caution if the message warns of impending account closures, missed scheduled payments, or suspicious activity on one of your financial accounts. If you want to connect to a website, do it directly through your browser, do not click on the links in the emails.

Other Vanity Fair stories that may interest you

How to recognize scam emails and protect yourself

10 tricks to save on online purchases

Revenge porn on Telegram, 29 groups discovered in Italy

10 tricks to write emails that won’t be trashed