Spoofing Help and Advice
'Spoofing' is a trick used by scammers to make an email, text or phone call look like it is from a person or company other than the person or place it is
from. It presents itself as what looks like a normal email, text, or phone call and usually shows on your device as coming from one of your normal contacts, or a company or organisation that you've either been in contact with before, or would expect to trust, such as the NHS, Government, BBC, BT, Gas Company, Water Company, etc., or even the Police. This can be very difficult to detect, unless you know what to look out for and can lead to even the most tech-aware people getting scammed!
Companies like Broadband suppliers, such as BT, Sky, TalkTalk etc., and software companies like Microsoft and Apple are often spoofed, as are our closest friends and relatives, in order to get your attention and trust - before trying to scam you! This can be by trying to scare you that you will lose this service, or are already the victim of a scam (one of the most common ones), or if it comes from one of your close family or friends, that they urgently need your help - usually money, with the need being straight away!
At this point, you are probably not yet a scam victim - but if you go along with the call or message and do what they ask, you almost certainly WILL become one! These companies do NOT normally contact customers, unless you're behind on your bill payments - certainly not to anyone that their PC, Laptop, or other device is 'infected'. Just hang up on these people.
As a text on a phone, it will usually show that it is from a trusted contact name, so that you automatically reply to it without thinking; instantly trusting it. These and other messages may even appear at the end of a current conversation you are having, or have been having with that specific contact - except that in the instance of a 'spoofed' message, it will be from a different person or organisation entirely, NOT the person it says it is. It will look just like a continuation of the existing message with that person or organisation, so always be on the alert and take your time to read and re-read it, before replying if you think it's safe - or deleting it and, if possible, blocking it!
The thing to look out for is anything out of the normal, or an unexpected request. If they ask you for money - for ANY reason - do NOT pay it, whoever it's from, or whatever reason they give - not without checking very carefuly first anyway! Before you do ANYTHING, contact the person
- by phone - and verify that it IS from them and that the message is genuine and that the reason for it is both genuine and reasonable.
Clearly, you will want to help a friend in need, or move forward with your house move etc. if that's what it's about, but if your 'Estate Agent' or 'Solicitor' or other organisation contacts you by message or email asking you to pay your fees, deposit, bill, or final payment etc. to a different account, or any specific account not already specified through normal (verified) channels, PHONE them via an already trusted number to verify that the information is correct, making sure that you can verify who you are speaking to - preferably by recognising the voice of someone you know and trust.
Whenever someone calls YOU, or sends you an email or message, you should be on your guard. That may sound like over-doing it, but let's be honest; when you receive a message of any sort, you actually have no idea who it's from, unless you can hear and recognise their voice! So, be wary of all INCOMING calls and communications. If you didn't initiate the call, then the best advice, is simply to hang upon them! Even if it sounds interesting, just make a mental or physical note of whatever and whoever they said they were, then look it up online in your osn time and call them back directly IF you are genuinely interested. Remember, if it sounds too good to be true, it probably is. That means it is also probably a scam, or a VERY risky investment or deal of some sort.
So, whether it's a phone call, email or text, if you are at all unsure of who or what it is, leave it a few hours, or a day or two, and phone or get in touch with tmem yourself, once you've had time to think about it and do some research. Even then, call them using a different phone if possible - or reboot/re-start (or preferably shut down for several seconds and then restart) your phone to clear any memory of incoming calls/numbers before calling them. Check the number you dial is the CORRECT one, taken from their previous (trusted) correspondence, phone book, advert, or (genuine) website - don't just use the one they called you on, or even a saved one without double-checking that first. When you call, ask for verification that you are speaking to the correct person or company by asking a question only they will know.
Whatever you do, do NOT click on any links in emails or messages! Be especially wary of messages via apps like WhatsApp or Skype or 'push' notifications via a web page (one that opens by itself). Do NOT open an attached invoice, photo, or other attachment! If there is one and you are unsure what it is, think it might be genuine, or are just curious, you can save the attachment to your hard drive or local storage (without opening it).
Just right-click (or press and hold on a phone/tablet) and select 'save as' or 'download' (whatever is normal for your device) and save it to somewhere where you can easily find it (you can usually create a new folder wherever you want at this point, so make one called 'scams' - or whatever else you want to call it - somewhere that's easy to find) and save it there. You can edit or change the name of the attachment at the time of saving it too - you don't have to use the original name or number. I usually give it a meaning ful name, followed by an underscore (_) and whatever it's original name was (so that I can remember what it is and where it came from), plus the original extension (.txt, .doc, .xls etc). If you change the extension, you probably won't be able to open it - not that you will want to just yet anyway!
So, why would you want to save an attachment if you're not going to open it? Well, once saved, you can select it (right-click on it, or press and hold on it in explorer, or file manager etc.) and select to scan it with your usual Internet Security software (which you do have installed, right?). Scan it with Norton, McAfee, Kaspersky, Vipre, Comodo, or whatever AntiVirus/Security software you have installed, PLUS someting like SuperAntispyware. IF it comes up with no reported problems after that, then you should be safe to open it - BUT, still be careful and don't click on any links inside! Even items and links from trusted companies and sites can be infected!
There is very little you can do to stop spoofed messages, as if you try to block them, you will either be unsuccessful, or you take the risk of possibly blocking the genuine, original, sender - which is strangely often your own email address! Yes, if you get an email from one of your own email addresses, it is almost certainly a spoofed, scam message! One of the common identifying things about spoofed messages, especially emails, is that they often have a very short message (usually just 'Hi' or 'Hello', often followed by your name, and/or sometimes something like 'thought you might like this', or 'you might find this interesting', or some such similar sentence), followed by a link.
Either that, or it will be a call to action, like telling you need to respond/click NOW or 'your account will be deleted...', or some similar scare tactics, or simply to ask you to click to 'confirm to unsubscribe' from some website or service (one you're probably NOT subscribed to, or even heard of), or that a bill or invoice for some made-up service or product is attached. Whether you've heard of them or not, it's still most likely a scanm - unless it's just your usual ebay, mobile, or other utility bill. Always, be careful and think first
When visiting official (or any) websites, make sure that the
part is spelt correctly (BBC., etc); the domain part (.co.uk, .com, etc.) is correct and that there are no extra letters or characters, apart from possibly
the main address name and separated from it by a period (full stop, or dot), such as https://www.
bbc.co.uk. This what is called a sub-domain, because it comes before (or 'under') the main web address. It will be safe
the main address (the name and domain part) is correct and safe and there are no extra characters elsewhere!
There will always be scammers who will try to get one over on you in times like this. At the best of times, they are the scum of the earth. At times like this, it is barely believable, but these people couldn't care less who they hurt, so be
careful! Firstly, check out the general advice on the rest of our site, as all of this is still very much pertinent, if not more so now.
Specifically however, be
aware of scam websites and text messages that claim to be relating to Coronavirus or Covid 19 help, essential supplies, or claims that you can get a grant, benefits, a tax refund, or anything like that. Any and all of these are suspect, so
tap or click on the links to, or in them, or buy from these websites.
click on links in messages or emails anyway (even if it is part of or a reply to/from a trusted contact which you have used before, as even these can be easily 'spoofed'.
Instead, go direct to the relevant site from a bookmark/favourite you have used before, or a search, but only after you have checked and have satisfied yourself that the website and the offer or whatever they are promoting is genuine
'could this be a scam'
you click, tap, or buy! Remember, you do NOT nee to pay or give your Credit/Debit Card details in order to register for government advice, help, benefits, loans, grants, or to get vaccinated!
If you're not sure, or if you're not confident about using the internet, ask for help from a friend or relative who is more experienced in these things if possible. There are tools available to enable people to connect to your computer, laptop or mobile phone remotely to help (see Tools & Utilities
), but ONLY allow someone you know and trust to do this - do NOT allow someone who has contacted you with an offer to help to do this if you have not known them for some time and DON'T trust them just because they tell you that they are calling from your bank, that they are the police, the council, your internet service provider, or something similar, this is almost certainly just a SCAM! (see Be Aware
Instead, go DIRECT to the main site that you want, or the usual, safe and trusted websites that you have used before and look for help there, like gov.co.uk.
click on links in text messages or emails,
if they take you to a 'Login Page', even if they come from your trusted contacts, (even when part of or a reply to/from a trusted contact), as phone numbers as well as email addresses can be 'spoofed' (made to look like they are coming from someone you trust, when they aren't!). The more urgent the message and the more desperate you are, or made to feel, the more likely it is to be a scam - DON'T be tricked into clicking on those links. Take care and Keep Safe.
Back to Top