Learning the language of identity theft can be a difficult prospect. We’ve talked about phishing, smishing, & vishing an and even oversharing in the past. We’ve examined how identity protection programs like Identity Guard can put you in an offensive position against most of these threats. Today, however, we’re going to be talking about what is known as “spoofing.” Sounds funny and relatively harmless right? Spoofing is the alteration of an e-mail header so that it appears to have been sent from someone other than the person who sent the e-mail. Now there are legal forms of spoofing, such as disguising your identity for fear of retaliation. Spoofing anyone other than yourself, however, is quite illegal… and an easy way for identity thieves to fool you into thinking that you’ve got to do something that you don’t really need to do.
How is spoofing even possible? Because the STMP, or Simple Mail Transfer Protocol, doesn’t actually include any authentication mechanism. Although a security level can be negotiated by someone who is utilizing SMTP, this is often not done. When there is no security level in place, anyone with a computer, access to the internet, and just a little bit of knowledge can log into the e-mail server itself and send messages out as anyone on behalf of any corporation.
For the most part, we can recognize these ridiculous e-mails and simply delete them without falling victim to them. It’s pretty easy to do when you get an e-mail supposedly from Bank of America saying that you need to take action before your account is closed even though you’ve never done business with Bank of America. On the other hand, an e-mail that appears to be from someone like your supervisor or even your spouse asking for sensitive data to be sent for a legitimate sounding reason can be something that fools a lot of people.
E-mail spoofing is nothing new – identity thieves figured out this process back when e-mails first started getting sent around the internet, so it’s a two decades plus old problem… but that’s the issue – it’s still a problem today despite education and self-awareness programs. So what can you do to make sure that you don’t fall victim to a spoofing scam?
If you do get an e-mail that seems suspicious, contact your financial institution in person.
Forward the e-mail to your financial institution’s customer service and ask for an explanation.
Remember to never share sensitive information unless you can verify the website, you notice it is secure, and you’ve visited that exact login location before.
Contact others immediately if you feel that you may have been fooled by an exceptional spoofer.
When in doubt, just delete the e-mail and move on.
Mike Carter writes about consumer credit for SIF. He has been a speaker at Financial Freedom Summit in California. His work has appeared in The New York Times, Washington Post, Los Angeles Times, MarketWatch, USA Today and MSN Money, and on the Associated Press wire. At one point he held a perfect 850 credit score and he is a serial mortgage refinancer.