Spoofing refers to a range of fraudulent practices where scam artists use email addresses, URLs, or phone numbers that mimic the email addresses, URLs, or phone numbers of a trusted person or business. All of these practices are ultimately designed to get money out of the victim’s bank account and into the scammer’s pocket. If you own or manage a financial institution, you need to understand how spoofing may affect you or your customers.
With email spoofing, a scammer sends out an email where the address appears to come from a trusted entity. One popular email spoof tries to lure recipients to wire funds to a fraudster. For example, someone in your organization may get an email that appears to be from a company you do business with or a vendor you use.
Generally, the email has a small difference. For example, your associate may use @abccorp.com, but the spoof email may come from @abccorp1.com. To make the email look even more legitimate, it may contain a fake original message or a series of messages. That makes the recipient believe they are in an ongoing conversation from the sender. Then, the email may instruct the recipient to send a wire transfer. Both your employees and your customers should be aware of the potential risk of receiving spoofing emails.
In some cases, a spoofing email directs the recipient to a spoofed URL. To explain, imagine a fraudster sends out a spoofing email to some of your bank’s customers. Your customers open the email and believe it is from you.
The email directs them to a fake URL which mimics your bank’s actual website. Once there, your customers enter their usernames and passwords, thinking they are on your actual site. In the meantime, the scammers steal all those usernames and passwords, and they use those details to drain your customers’ accounts.
Phone Number Spoofing
With phone number spoofing, scammers make phone calls from spoofed numbers. When the person on the other end of the line answers, their caller ID shows the number of a trusted entity. For instance, scammers may call your clients. When your clients answer, they see your bank’s number on the caller ID, and because they think it’s you, they give away sensitive information. One woman in the UK lost £12,000 due to this type of scam.
On the flip side of the coin, some scammers use spoofing to gain access to your customer’s bank accounts. If your automated system identifies callers by the number on the caller ID, your system may be prey to this type of spoofing attack. Once a hacker gains access to your customer’s accounts, they can transfer funds, initiate payments, or commit other fraud.
To protect your financial institution from spoofing and related threats, you need security solutions you can trust. Contact SQN Banking Systems today for help.