Skip to main content

Protect Yourself Online: How to Spot a Spoof

In this day and age of masks and social distancing, we have all learned how to protect ourselves from the spread of COVID-19, but when it comes to protecting your online identity there are other precautions to consider. With the recent pandemic, many more people have adjusted to life working from home. Unfortunately, as email communication increases, so do the malicious efforts of scammers looking to steal your identity. "Phishing" is the attempt of a cybercriminal ("phisher") to retrieve sensitive information from a potential victim, by posing as a real business, sending a message through emails that appear to be legitimate communication from a legitimate company, but are imitations ("spoofs") of the real thing instead.


Beware of Spoof Emails

The most common way that a phisher starts a phishing attack is by sending out thousands of spoof emails. These emails are carefully crafted to look nearly identical to the types of correspondence that are sent out by actual banks. Skilled phishers can replicate the logos, layout and general tone of such emails to uncanny degrees. They rely on the fact that most people are quite busy; at a glance, these spoof emails appear to be legitimate. As a result, recipients are more likely to take what is written in them seriously.

Please take a look at the images below and see if you can spot the tell-tale signs of a couple phishing attempts:




Notice that the senders of the above emails have email addresses that are very similar to Amazon and Visa, but are not actually Amazon and Visa. The sense of urgency in the emails with link to log in to their respective sites is the biggest sign of these being phishing attempts. Before clicking on any link, you should confirm the address to where it connects to by hovering over the link with your mouse.


Spoof Bank Websites

Spoofed bank emails almost always include links that will take you to spoofed bank websites. Like spoof emails, spoof bank websites look nearly identical as their legitimate counterparts. One sign of a spoofed bank website is a popup window that demands various types of credentials. There are many scripts that phishers can use to make these popup windows appear, and real banks never use them. Never follow a link to our bank’s website, or any other site that requires a login. Even if the link is in the form of a logo that looks official. You should always can always confirm the legitimacy of the link by manually typing the website into your browser’s address bar. When in doubt, calling the bank to check on the validity of the email is always a good idea.

Remember the above tips and you'll be ready to fight off any scammers and get you off the hook of any phishers attempting to gain access to your sensitive data or funds.