How to tell if you’re being spoofed

Many cybers attacks now take the form of using fake/spoof communication to trick victims into parting with personal (or company) data, or money. We take a look at some of the most popular and widely reported methods and how to avoid falling victim to them.

Phishing

This is a very common form of spoofing attack. Cyber-criminals send their victims emails which appear to be from legitimate organisations or contacts (or in some cases use fake SMS containing links or voicemails). When the victim clicks on the link of the phishing email, they are either directed to a spoof website payment page to steal their details or money, or have malicious software loaded onto their device to allow cybercriminals to take control of that device, log keystrokes, gain access to personal information and financial data (for financial theft and identity theft), or simply direct the victim to a payment page.

How To Spot Phishing Emails

There are several ways to spot phishing emails. Examples of these in which you can identify a phishing email include:

Online requests for personal and financial information (e.g. from government agencies) are very unlikely to be sent by email from legitimate sources. Generic greetings. Scammers are less likely to use your name to personalise the email greeting and title. Mistakes in spelling and grammar can be signs of scam emails. Check the email address by hovering your mouse (without clicking) over the link in the email. This can quickly reveal if the email isn’t genuine. Beware of heavy emotional appeals that urge you to act immediately. These are signs of scam emails that hope to bypass your reasoning and tap into an emotional response.

Vishing Scams

Vishing is a combination of ‘voice’ and ‘phishing’ and describes the criminal process of using internet telephone service (VoIP) calls to deceive victims into divulging personal and payment data.

Vishing scams to (domestic) homes often use recorded voice messages (e.g., claiming to be from banks and government agencies) to make victims respond in the first instance.

The technology used by scammers is now such that voice simulation may even be used in more sophisticated attacks on big businesses.

Examples of vishing include spoof calls pertaining to be from banks or credit card companies with messages asking the victim to call a certain number to reset their password, exaggerated (almost too good to be true) investment opportunities, bogus charitable requests for urgent causes and recent disasters, calls claiming to be from government agencies (e.g. the tax office), or bogus tech support calls to fix fake problems with computers.

How To Guard Against Vishing

Ways to protect you and your business from falling victim to vishing include:

Don’t trust caller ID to be 100 per cent accurate, numbers can be faked. Don’t answer phone calls to unknown numbers. Be wary of unsolicited alleged calls from banks, credit card companies or government agencies. Include phishing, vishing, smishing and other variants with your security awareness training for employees. Avoid using a gift card or a wire/direct money transfer. Don’t give in to pressure.

SMS Spoofing

SMS spoofing involves changing who an SMS message appears to come from by replacing the originating mobile number (Sender ID) with alphanumeric text. Examples of this ploy include impersonating a user that has roamed onto a foreign network and is submitting messages to the home network , or impersonating a bank and including a phishing message that tricks users into clicking on a link.

How To Guard Against Spoof SMS Messages

Some key things to remember to avoid falling victim to spoof SMS messages include:

Be very sceptical of ‘too good to be true’ offers and remember that organisations such as your bank are extremely unlikely to text you and will never ask for personal details this way. Avoid clicking on links in SMS messages. If you receive texts that you have any suspicion about and have questions, go to the website, call (using the number from the official website) or email instead. Don’t share your mobile number unless it’s really necessary. Beware of SMS messages about verification codes, password resets, or anything that’s asking for personal information. Report any SMS spoofing attempts to Action Fraud.

Smishing

Smishing is where an attacker sends a text/SMS message purporting to be from a reputable company, in this case, the Royal Mail or a parcel delivery company/courier service. The idea is that the recipient (who may be expecting a parcel delivery) is fooled into clicking on the link in the text message and this either send sends the attacker personal information (credit card number or password) or downloads a malicious program/malware to the victim’s phone. The malware can be used for snooping on the user’s smartphone data or sending sensitive data (silently) to an attacker-controlled server.

Parcel delivery scams account for more than half of all reported text phishing, or ‘smishing’ attacks in the UK. For example, new data shows that from 15 April to 14 July 2021, 53.2 per cent of reported scam text messages were from attackers posing as postal delivery firms. Also, from 14 June and 14 July, parcel and package delivery scams accounted for 67.4 per cent of all smishing attempts.

How To Protect Yourself Against Smishing Attacks

Ways that you can protect yourself and your business from smishing include.

(Again) remember that financial institutions never send text messages asking for credentials or transfer of money and credit card numbers, ATM PINs, or banking information should never be sent to someone in text messages. Beware of (scam) messages offering fast money (e.g., from winning prizes or collecting cash after entering information). A message received from a number with only a few digits is a sign that it probably came from an email address, which is a common sign of spam/scams. Avoid storing any banking details on a mobile device (in case of malware). Be wary of any delivery-related text messages other than the standard day/time of delivery messages. If you receive a smishing text, to protect other users, send the message to your telecom’s number so that it can be investigated. Also, report such messages to Action Fraud (https://www.actionfraud.police.uk/).

Deepfake Videos and Audio

Deepfake videos use deep learning technology and manipulated images of target individuals (found online), often celebrities, politicians, and other well-known people to create an embarrassing or scandalous video e.g., pornography, violent behaviour, or of the victim saying something they would not normally say but could be very damaging to their reputation if believed. The AI aspect of the technology makes the spoof videos very convincing. Deepfake videos are used by criminals to cause damage the reputations of victims and/or to extract ransoms from their target victims.

Deepfake Audio

Deepfake ‘ransomware’ can also involve using AI to manipulate audio in order to create a damaging or embarrassing recording of someone, or to mimic someone for fraud or extortion purposes. For example, in March 2019, a group of hackers were able to use AI software to mimic (create a deep fake) of an energy company CEO’s voice in order to successfully steal £201,000.

Other Spoofing Attacks & Scams

Some other popular spoofing attacks and methods include:

Man-in-the-Middle Attacks

If cyber-criminals are able to gain access to a person’s communications accounts e.g., your email (perhaps using stolen credentials, spyware, malware), they can intercept web traffic between two parties and the communication between the parties to re-route funds or solicit sensitive personal information like credit card numbers or logins.

Extension spoofing

This is where cybercriminals disguise executable malware files to make victims feel as though they can safely click on them (e.g. if received in an email). For example, a .exe file, which would normally be a security red flag, can be made to appear as a .txt (Notepad) file.

Checking If Your Details Have Been Stolen

Some attacks happen because a user’s personal data has been stolen in other attacks and/or traded online. One way to check whether your details have been stolen is to visit https://haveibeenpwned.com/

What Does This Mean For Your Business?

The message here is that today’s cybercriminals would much rather rely upon human error and spoof scams than go to the time and trouble of trying to hack into secure systems. Human error can be relied upon to be ever-present to a degree, which is why spoofing is so effective. It appears that almost anything can now be faked, and it is up to businesses not just to take the necessary cyber protection measures (anti-virus, 2FA etc) but to educate staff in what spoofing scams they may encounter, how to spot them, and to have policies and procedures in place for dealing with and checking certain types of approaches, messages, and enquiries.

It is important that all staff are particularly aware of email threats and can exercise a healthy degree of scepticism and judgement. New staff, staff in new roles, temporary staff, or staff with a known aversion to IT may be particularly vulnerable to these attacks and should receive extra attention in terms of cyber security education and training.

About J700 Group

J700 Group are a Lancashire-based, family-run, professional and responsive, Managed Solutions Provider helping Businesses, the Education Sector, and the Healthcare Sector to utilise Innovative IT Consultancy Services, Cloud Solutions, Cyber Security, Microsoft 365, Telecoms, Web Design and SEO solutions to propel their organisation to the next level and beyond.

As an experienced IT Support Provider, helping businesses across Lancashire & Manchester, if you need any assistance with your IT including IT Hardware, a Disaster Recovery Policy or Managed Backup Solutions; Contact us today to see how we can help your business.

Enjoyed this? Read more from J700 Group Limited

Latest news

1

Chiptech announces major innovation initiative at high-profile reception with the New Zealand Prime Minister in London. The Rt Hon Jonathan Reynolds, the Rt Hon Christopher Luxon and the Rt Hon Steve Reed (L-R Front Row) David Hammond, and Daniel Knowles

Chiptech announces major innovation initiative at high-profile reception with the New Zealand Prime Minister in London.

30 Apr 2025

2

Northstone secures full planning permission for 50 new homes in Edenfield Edenfield housing development

Northstone secures full planning permission for 50 new homes in Edenfield

29 Apr 2025

3

Ring Stones Maintenance and Construction celebrates completion of Dovestone Gardens Dovestone Gardens launch

Ring Stones Maintenance and Construction celebrates completion of Dovestone Gardens

29 Apr 2025

4

PHX Training welcomes new business leader to drive learner success Louise Kirby

PHX Training welcomes new business leader to drive learner success

29 Apr 2025

5

Lidl to invest half a billion pounds in its expansion as it eyes sites in Lancashire Lidl

Lidl to invest half a billion pounds in its expansion as it eyes sites in Lancashire

29 Apr 2025

Pc Prestonmacan Gif980x120 March
Background image for hub sign up block

LBV Hub

Leverage Lancashire Business View platforms

Post your news
Post your events
Post your offers
Build your network
Improve your SEO
Gain coverage in the magazine
Sign-up
Events
LBV122 May/June Launch Event
121 Lancashire Business View Magazine Launch
Networking
21 May 2025

LBV122 May/June Launch Event

Lancaster and Morecambe College, Lancaster, LA1 2TY

08:30 - 10:30

Sub36 Networking
Networking
11 Jun 2025

Sub36 Networking

British Jewellery School, Scorton, PR3 1BA

15:00 - 17:00

Lancashire Net Zero Carbon Conference
Net Zero Carbon Social 1200px 2
Networking
18 Jun 2025

Lancashire Net Zero Carbon Conference

Crow Wood Hotel & Spa Resort, Burnley, BB12 0RT

08:30 - 13:00

Lancashire Built Environment Conference 2025
BEC 315 X 315 Px
Networking
25 Sep 2025

Lancashire Built Environment Conference 2025

Blackpool Football Club, Blackpool, FY1 6HX

08:30 - 13:00

CMI Level 5 Management and Leadership Course
UCLanAerialCampus.jpg.jpg
LBV Hub Seminars
21 Feb 2025 - 21 Feb 2026

CMI Level 5 Management and Leadership Course

Preston Campus, Preston , PR1 2HE

09:00 - 17:00

CMI Level 5 Project Management Course
UCLanAerialCampus.jpg.jpg
LBV Hub Seminars
21 Feb 2025 - 21 Feb 2026

CMI Level 5 Project Management Course

Preston Campus, Preston, PR1 2HE

08:00 - 17:00

RISE - The Academy for Female Leaders and Managers
WENDY BOWERS RISE Illustrstion copy.jpg.jpg
LBV Hub Seminars
02 Apr 2025 - 08 Oct 2025

RISE - The Academy for Female Leaders and Managers

East Lancashire Chamber of Commerce, Clayton le Moors, BB5 5JR

09:00 - 15:30

Planning for the future + navigating Inheritance Tax changes
Planning for the future + navigating Inheritance Tax changes for website.png.png
LBV Hub Seminars
01 May 2025 - 01 May 2025

Planning for the future + navigating Inheritance Tax changes

Stanley House Hotel, Mellor, Blackburn, BB2 7NP, Blackburn, BB2 7NP

08:00 - 10:30

Advantage: AI – A Workshop for Business Leaders – May 2
EV-land-2025-05B.png.png
LBV Hub Seminars
02 May 2025 - 02 May 2025

Advantage: AI – A Workshop for Business Leaders – May 2

Door4 Office, Burnley Wharf, Manchester Road, Burnley, BB11 1JG

09:00 - 11:00

A night at the races
1.png.png
LBV Hub Dinners / Balls
02 May 2025 - 02 May 2025

A night at the races

Morecambe FC, Morecambe, LA4 4TB

19:00 - 23:59

Celebrating 50 years of KTP
UCLanAerialCampus.jpg.jpg
LBV Hub Networking
07 May 2025 - 07 May 2025

Celebrating 50 years of KTP

University of Central Lancashire , Preston, PR1 2HE

16:00 - 18:00

Research and Knowledge Exchange Showcase
13421_research_knowledge_exchange_2025_600x300.jpg.jpg
LBV Hub Awards
07 May 2025 - 08 May 2025

Research and Knowledge Exchange Showcase

University of Central Lancashire , Preston, PR1 2HE

09:00 - 17:00

Advertise with us

Reaching 50,000 members, our print, digital and event platforms offer a fantastic way to raise your business profile and help you grow.

Find out more Lbv121 Online Graphic
Subscribe now

Weekly news bulletin