Spoofing and Phishing
Spoofing is when someone disguises an email address, sender name, phone number, or website URL—often just by changing one letter, symbol, or number—to convince you that you are interacting with a trusted source.
For example, you might receive an email that looks like it’s from your boss, a company you’ve done business with, or even from someone in your family—but it actually isn’t.
Criminals count on being able to manipulate you into believing that these spoofed communications are real, which can lead you to download malicious software, send money, or disclose personal, financial, or other sensitive information.
Phishing schemes often use spoofing techniques to lure you in and get you to take the bait. These scams are designed to trick you into giving information to criminals that they shouldn’t have access to.
In a phishing scam, you might receive an email that appears to be from a legitimate business and is asking you to update or verify your personal information by replying to the email or visiting a website. The web address might look similar to one you’ve used before. The email may be convincing enough to get you to take the action requested.
But once you click on that link, you’re sent to a spoofed website that might look nearly identical to the real thing—like your bank or credit card site—and asked to enter sensitive information like passwords, credit card numbers, banking PINs, etc. These fake websites are used solely to steal your information.
Phishing has evolved and now has several variations that use similar techniques:
- Vishing scams happen over the phone, voice email, or VoIP (voice over Internet Protocol) calls.
- Smishing scams happen through SMS (text) messages.
- Pharming scams happen when malicious code is installed on your computer to redirect you to fake websites.
Spoofing and phishing are key parts of business email compromise scams.
How to Report
To report spoofing or phishing attempts—or to report that you’ve been a victim—file a complaint with the FBI’s Internet Crime Complaint Center (IC3).
How to Protect Yourself
- Remember that companies generally don’t contact you to ask for your username or password.
- Don’t click on anything in an unsolicited email or text message. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
- Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
- Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
- Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
- Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
Public Service Announcements from IC3
03.20.2020 FBI Sees Rise in Fraud Schemes Related to the Coronavirus (COVID-19) Pandemic
Scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both. Don’t let them.
06.10.2019 Cyber Actors Exploit ‘Secure’ Websites in Phishing Campaigns
Cyber criminals are conducting phishing schemes to acquire sensitive logins or other information by luring victims to a malicious website that looks secure.
09.18.2018 Cybercriminals Utilize Social Engineering Techniques to Obtain Employee Credentials to Conduct Payroll Diversion
Cybercriminals are targeting online payroll accounts of employees through phishing emails designed to capture an employee’s login credentials.
02.21.2018 Increase in W-2 Phishing Campaigns
Beginning in January 2017, IRS’s Online Fraud Detection & Prevention, which monitors for suspected IRS-related phishing emails, observed an increase in reports of compromised or spoofed emails requesting W-2 information.
Related FBI News and Multimedia
- 06.09.2021 FBI Phoenix Tech Tuesday: Phishing and Spoofing ScamsFBI Phoenix Special Agent Suzanne Allen describes the dangers of phishing and spoofing scams.
- 04.26.2021 International Scammer SentencedA man who used phishing techniques to steal millions of dollars in a global business email compromise scheme received a 10-year prison term for his crimes.
- 10.15.2019 Phishing the FamousA Georgia man who used phishing techniques to steal celebrities’ credit card numbers and use them fraudulently has been sentenced to prison for his crimes.
- 06.13.2019 Gone PhishingA fraudster who conducted a text message-based phishing scam to steal bank information—and used that information to steal thousands of dollars from victims—is now behind bars.
- 03.08.2018 FBI, This Week: W-2 Phishing Scams Increase During Tax SeasonThe latest evolution of the sophisticated business e-mail compromise scam targets businesses for access to sensitive tax-related data.
- 07.03.2017 Phishing for PhotosA man who tricked more than 50 unsuspecting women into providing
Fake check scams
As the pandemic continues, customer reports of fake check scams are on the rise. Some thought they received a payment for a new job, others received an overpayment for something they sold online, and still others received prize money in the mail for a lottery or sweepstakes they had supposedly won.
Regardless of the situation, the scammer’s goal is always the same – to convince you to deposit the fraudulent check and then send some of the money back.
Here are some real examples of scams reported by our customers:
“I got an email asking if I would advertise a company by putting a sticker with their logo [all over] my car. They sent me a $3500 check and said [to keep a portion and] the extra money in the check was to pay for the person who was going to wrap my car.”
“I got a job to be a secret shopper and they sent me a check for $4950. After I deposited the check, I was supposed to buy gift cards, scratch off the back of the card [to reveal the PIN], and text pictures of the cards back to the company to prove that I had bought the cards. I was also supposed to buy a money order from a different bank and send them a picture.”
“I was selling my car online and I got a cashier’s check from Wells Fargo for more than the asking price. The buyer said the extra money was to pay the person who was going to pick up the car. This didn’t seem right, so I went to the bank to see if the check was real.”
“I got this random check in the mail for winning a lottery, even though I don’t play. The letter that came with it said that I should call the ‘claims agent’ for instructions on what to do with the check. I didn’t feel right about it, so I brought the check into the bank.”
How to help protect yourself
If you’re suspicious about a check you received, ask yourself:
- Is the check for more than you expected?
- Did you receive specific instructions on how to deposit the check?
- Are you asked to send money back using an immediate form of payment such as, a money order, gift card, wire transfer, or mobile payment?
- Are you directed to act quickly to make the deposit and return the money?
- Does the person who sent the check keep asking when you’re going to send the money?
If you answered ‘yes’ to any of these questions, don’t deposit the check.
Be aware: It can take weeks for a bank to confirm a bad check after it’s deposited and you may be out the amount of the check and any money sent to the scammer.
Wells Fargo Scam Alert: Thieves using fake bank statement
The latest in a series of scams you may run across this holiday season is a Wells Fargo bank statement scam.
The thieves are posing as the bank asking for a settlement in a false credit.
The scam appears real because the thieves use a Wells Fargo letterhead and begin the letter with an account number and balance due. The letter goes on to offer a payment plan and provides a phone payment option and mail payment option.
The letter even gives a fake customer service number for people to call with questions.
First Coast News took the letter to financial expert Adam Van Wie who says the first giveaway that the letter is fake is the account number.
“It’s so easy to get caught up and want to respond right away because they’re accusing you of something you didn’t do,” Van Wie said.
If you fall victim to a scam and aren’t sure how to retrieve your money, Van Wie said you should contact police and the number on your financial institution.
“The FBI has a cyber security department that you can report to. I’ve actually done it online when I’ve received scams like this,” Van Wie said. “Police could be a decent resource if they have a cyber unit.”
First Coast News also talked with people who say they are more alert and on the lookout for scams during the holiday season.
“Sometimes around the holidays, you’ve got to expect those kinds of things, and be safe and always know that there are some people out there trying to capitalize off these holiday times,” said Jonathan Rodriguez.