.png)
Before AI consumed our media on a daily basis, spoofing would often impersonate important figures in our lives with the malicious intent of sending misinformation for money and spreading malware. Now with AI, it has become even harder to identify these attempts to protect our friends and loved ones from the headache known as cybercrime.
Spoofing can come in the form of a phone call, email or text message.
Some of the tell-tale signs of a spoofing attempt from email and text messaging are as follows:
-Incorrect or inconsistent grammar
-Poor sentence structure/phrases
-Inconsistent URL links
-Misspelled email domain addresses
Other Types of Spoofing that Cybercriminals Use to gather Personal Information for Malicious Financial Gain
URL Spoofing: Cybercriminals creating a fake domain and website to obtain personal information from victims that lead to ransomware being downloaded onto the victims computer.
IP Address Spoofing: This occurs when a network or IP Address is intentionally misinterpreted as the real IP address to impersonate another computing system.
DNS Spoofing: Referred to also as “Cache Poisoning” this locates and exploits vulnerabilities that currently exist and draw the traffic to the fake server rather than the real, legitimate server.
Source: https://www.cisco.com/site/us/en/learn/topics/security/what-is-spoofing.html
For phone calls, cybercriminals use intricate tactics of manipulating Caller ID to display a fake number rather than the real one they’re calling you from. All with the intent to trick the victim into thinking the caller is coming from significant places such as the police department, their personal bank, the IRS, bill collectors, and telemarketers. While tricking victims, this practice can effectively mislead folks to answer phone calls they may have ignored on a normal day.
This is a nationwide growing problem that does not discriminate against age. According to an NBC Boston article; “Last year (2024), over 2,400 breaches were reported in Massachusetts. The number of residents impacted almost reached 7 million.”
(Source: https://www.nbcboston.com/investigations/consumer/massachusetts-data-breach-cybersecurity-explained/3548134/)
While Massachusetts has done a great job in regards to reporting these breaches, the number has doubled in the amount of incidents within the last several years with Americans older than 60 being the highest volume of victims overall. Though older Americans deal with the heavy volume impact, younger folks are falling for more intricate cryptocurrency scams and digital currency fraud According to Franklin Observer, “Nearly 1 in 3 Americans have been victims of online financial fraud or cybercrime, according to a 2023 Ipsos poll on behalf of Wells Fargo.”
(Source: https://franklinobserver.town.news/g/franklin-town-ma/n/277823/how-cybercrime-losses-massachusetts-compare)
In all, hundreds and thousands more cybercrimes have been reported in the US than 19 countries combined.
Close Spoof to Home
There have been recent reports of phone call spoofing where a bad actor impersonates a Massachusetts police officer in order to drive out information to victims for financial gain.
This brought up an incident that one of our colleague’s grandfather was involved in. The cyber event occurred sometime in 2021, where one day the grandfather received a phone call from an unrecognized number and proceeded to answer the call. Upon saying hello, the voice on the other line claimed to know his grandson and notified him urgently that his grandson had been involved in an intense car accident.
Of course, a situation like this would cause anyone to be in fight or flight mode and resolve the issue immediately, especially if a loved one is involved. The bad actor knew they got the right emotional reaction out of the grandfather. Creating a sense of urgency, they then proceeded to demand money by threatening the grandson’s ability to receive care from the hospital they claim they have sent him to for his injuries.
By then the colleague’s grandfather knew something was not right with the caller on the line. He then proceeded to practice great cybersecurity hygiene by not calling the number back but calling his grandson’s phone line directly. Upon calling his grandson, he was relieved to hear his voice. He told his grandson the call he just received and was rattled at the idea that he had been in an accident and the crushing sudden responsibility if he didn't send them money, the grandson would not be transported to hospital.
His grandson, beside himself, told him that his grandfather that he appreciates him letting him know of the situation and to be very careful as cybercrime has become the norm to steal older folk’s financial information.
Another spoofing incident reported in Massachusetts in 2024 involves a woman who had lost nearly $10,000 by a phone scam impersonating a police officer. The incident consisted of a spoofed caller ID displaying their local police department and claimed the woman failed to appear in court and the police would come to their house to arrest her. However, the caller mentioned if she were to pay them $9.5 K in bitcoin currency, that she would be clear from her debts and could then carry on with her day. As someone placed in an appearingly urgent situation, without thinking she sent the funds over. The bad actor told her to stay on the line until the transaction as completed. Then they said they found “another 9,500 charge that she needed to pay or she would be arrested. By this time, she realized too late that she became a victim of a phone spoofing scam and she then drove to her local police station to report the incident.
Lessons Learned
It is important to note that scams can occur over the phone and that Caller ID can be spoofed to display a different name than who is calling you. For places like banks, police stations and more, they will never call, ask or demand money. According to BostonHerald, “Most phone scams, the caller wants you to stay on the phone with them which sometimes is hours until the transaction is sent through. This is to keep you isolated to prevent you from calling someone or checking to see if the call is legitimate.” (Source: https://www.bostonherald.com/2024/06/27/massachusetts-woman-loses-9500-in-fake-police-scam-caller-id-can-be-spoofed/)
What Can I to Protect Myself & Loved Ones from Spoofing?
In protecting yourself and loved ones, Ekaru is your knowledgeable ally and will help you create a layered approach to securing your emails for personal, business and others from email spoofing. Our Ekaru team specializes in providing services to clients such as Zero Trust, DMARC, and additional Latent Threat Protection.
Zero Trust, can prevent malicious software or applications from being downloaded to your computer. Zero Trust can help prevent cybercriminals from attacking you in the ever-evolving cybersecurity climate, especially when a bad actor is attempting to download malicious files to your computer.
DMARC (Domain Based Message Authentication Reporting & Conformance) is another great tool designed to combat email spoofing and phishing. DMARC, works by giving domain owners a way to tell emails that claim to be from their domain but don't pass authentication checks. This, in conjunction with Graphus can help to identify spoofed emails in your inbox.
For extra security, 24/7 monitoring of your devices will allow you and your business to feel safe and secure, especially when suspicious emails arrive in your inboxes.
And most of all, since there are always new ways to become a victim of cybercrime, Ekaru provides extensive cybersecurity awareness training to our clients, so they feel more confident in protecting themselves and their business. Particularly, the colleague’s grandfather practiced great cybersecurity hygiene by reaching out to his grandson instead of allowing the cybercriminal to isolate him while on call to demand financial gain.
If you feel that you or know someone that has fallen victim to spoofing regarding caller ID, contact the FCC or Federal Communications Commission online or call their Hotline at 1-888-225-5322 to report a complaint. Or contact the Office of the Attorney General by calling 617-727-8400.
Source: https://www.mass.gov/info-details/caller-id-spoofing
Want to learn how you can provide better protection to your devices? Schedule a call with us today at 978-692-4200 or www.ekaru.com/contact-us.