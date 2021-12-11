More and more users report being a victim of spoofing, the new frontier of scams digital, with which the criminals are able to access the personal and banking data of the less experienced, posing as acquaintances or institutions. Dozens of people all over Italy ended up in the trap, and common sense is not always enough, in this case, to avoid scams.

Online thieves succeed, through refined technologies, to send text messages on behalf of, for example, the post office or major banks. Unlike phishing, the sophisticated technique involves using the same number (apparently) as the one from which real information is received from the institution.

Not only. Exist other forms spoofing, which include for example the use of a trusted IP address, spoofing via email and the modification of the DNS server to hijack the name of a specific domain to another IP address.

How spoofing works and why it is different from phishing

In practice, and without particularly technical terms, scammers manage to convince us that they have received a text message or an email from a known sender, like our banking institution.

Typically, the message contains a call to action, for example, click on a link. Which seems real, and can lead, in appearance, to the site official of the bank.

The address is in fact identical to the genuine portal, but it is the codes and addresses that change they are not seen with the naked eye or in the url bar. The same can be understood with numbers that look like those of friends and family.

Once the links are open, there is a risk that the page will ask data personal or billing, or downloads, even automatically, of virus that will infect your computer.

Not always the phishing, a practice that involves data theft, is operated with spoofing. And spoofing isn’t always aimed at phishing – scammers may have different intentions.

How to defend against spoofing and other online scams

There are good rules of conduct to guard against spoofing, and they involve a great deal of common sense and discretion in front of pages or emails that ask for sensitive data. As follows.

Never reply to emails or text messages asking for your account details or login information. A site or company is unlikely to ask for similar information without encryption.

Always check the sender addresses of any suspicious emails and the real number from which messages are received, even when they already arrive with the name of a company or bank.

Notify law enforcement and the Postal Police immediately in the event of an attempted theft of data or suspicious movements on the websites you usually visit.

We told you here about the phishing boom during the pandemic, and how this digital scam involved two major banking institutions here. You can find here our guide to defend yourself from phishing.