Sources: https://security.ucop.edu/files/documents/how-to-spot-a-phishing-email.pdf
Have you ever received messages or received calls on behalf of suspicious companies, institutions, or official institutions? If so, you have to be more careful if you receive it again because it could be a mode of online fraud through spoofing.
In this article, we will discuss what spoofing is, its types, and how to deal with it so you can avoid this fraud mode.
What is Spoofing?
Spoofing is a form of cybercrime with the practice of disguising information in which, in practice, the perpetrator acts as if he is an authority, such as from a bank or other institution, to gain unauthorized access to a computer, cell phone or mobile phone, email, or information system.
Spoofing usually displays a fake email/name/phone number on a computer to hide their identity. This is also to give the impression that the victim is dealing with a legitimate company, institution, or agency.
The purpose of spoofing actors is to obtain sensitive information, such as personal and organizational information, which can cause material losses for victims.
Spoofing Type
In practice, several types of spoofing are often encountered as follows:
-
Spoofing emails
Email spoofing is the most common type of spoofing. Email spoofing is carried out by sending email messages that use fake addresses on behalf of certain parties. The goal is to ask the target to do what the perpetrator orders, such as clicking on a link that contains malware to make it easier for the perpetrator to steal data.
There are several characteristics of email spoofing, namely:
-
Use a public email address
Perpetrators usually use a public email address not from the official domain of a company or agency. For example, the official email address for Bank MAS customer service is care@bankmas.co.id while there is email spoofing using a free provider that is often used, such as cs.bankmas@gmail.com.
-
Request sensitive data
Email spoofing perpetrators often ask for sensitive data such as credit card numbers, account numbers, internet or mobile banking accounts, and passwords to gain material advantage from their victims.
-
Have attachments or attachments that are foreign
Spoofing email perpetrators usually insert or attach foreign files in various formats, such as .HTML or .EXE, which contain malware to infiltrate the victim's device.
-
Typo
In contrast to official emails from companies or agencies, spoofing emails are often marked with typos or typos. This is because perpetrators send messages to a large number of targets, so it is unlikely that they will proofread each message.
-
Contain an urgent message
The last feature of email spoofing is an urgent message sent by the perpetrator to trigger panic in the victim so that he obeys their orders in the email without thinking anymore.
-
Website or URL Spoofing
This type of spoofing relies on websites as a trick-to-trick victim by creating fake websites, falsifying the appearance of the imitated website to obtain usernames and passwords, and inserting malware onto your device so that perpetrators can easily steal other important data.
-
Caller ID Spoofing
Caller ID spoofing is an action that is deliberately carried out by changing the telephone ID number on the display of the intended number when making a call. This is done by spoofing actors to disguise their identity so you cannot trace their number and to make it easier for them to commit fraud by posing as a certain party, for example, on behalf of a bank employee who wants to collect a loan or debt.
Here are some features of Caller ID spoofing:
-
Foreign number
If you get a foreign number that is not associated with a certain country's telephone number, for example, +6666, it could indicate a fake number or Caller ID Spoofing mode.
-
Recording sound
In some cases, Caller ID spoofing uses robocalls to commit crimes. On these calls, you may be asked a "yes" or "no" answer or dial a number for further instructions. If you get a call like this, you better hang up immediately.
-
Creates a sense of urgency
Another feature of Caller ID spoofing is that the perpetrator will try to create a sense of urgency or push the victim. One mode often encountered, for example, is that the perpetrator will inform if a friend or family member of the caller is in danger and needs money as soon as possible.
The perpetrator took this action to frighten the victim and make the victim act quickly without confirming that the call was true and in accordance with what the perpetrator explained.
-
Request personal information
The final feature of Caller ID spoofing is that the perpetrator will try to trick the victim into providing personal information on credit card numbers, account numbers, and other financial accounts. If you receive a call asking for this information, hanging up immediately is better.
-
Spoofing SMS
SMS Spoofing has the same practice as Caller ID Spoofing, in which perpetrators change their cellular numbers with other numbers to disguise their identities and deceive victims on behalf of companies, institutions, or official agencies. The perpetrator will send the target victim a fraudulent message or link containing malware.
Apart from the 4 types of spoofing above, there are other types, such as identify spoofing, IP spoofing, Man in the Middle Attacks, and MAC Spoofing, that you can understand so that your daily transactions remain safe.
How to Overcome Spoofing
Here are some ways to deal with spoofing that you can do:
- Don't easily believe information from SMS, WhatsApp, email, or telephone.
- Do not click links or links from unknown numbers or email addresses.
- Never share personal data such as addresses, phone numbers, or banking information.
- Use two-factor authentication to sign into accounts.
- You can also activate DomainKeys Identified Mail (DKIM) on Google to prevent incoming spam emails.
- Avoid visiting websites that do not have a security certificate or do not have a locked padlock symbol.
That's the explanation about spoofing. You can also read other safe transaction tips on the Bank MAS website so that your transactions remain safe and avoid various modes of online fraud.
Sources: