Spoofing is a broad term for behaviors that involve a person or entity masquerading as a trusted source, such as when a caller deliberately falsifies the information transmitted to your caller ID display to appear as though they are someone else, such as your local police department or bank. Email addresses, IP addresses and even websites can all be spoofed so they appear to be legitimate when in fact they are not. Spoofing is used in the following fraudulent behaviors:
Phishing – A form of identity theft in which a scammer uses an authentic-looking email from a legitimate business to trick recipients into taking some action such as clicking on a suspicious link, downloading a malicious attachment, or providing sensitive personal information, such as credit card, bank account, and Social Security numbers.
Smishing – A form of phishing in which a fraudster uses a compelling text message to trick targeted recipients into clicking a link, which can download malicious programs to a smartphone, or calling a number to give the fraudster sensitive personal information.
Vishing – The fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies to induce people into revealing personal information, such as bank details and credit card numbers. Caller ID spoofing is usually used to conceal the caller’s true identity.
How to Avoid Becoming a Victim
Do not assume your caller ID correctly verifies who you are talking with; scammers can “spoof” a legitimate number to make it appear as if they are calling from that number – when they are not.
Comerica Bank will never contact you and ask for personal information, such as your account number, debit card number, or web banking user name and password. Nor will we ask you to read back security codes we sent via text or email.
Legitimate companies will not contact you by phone, email or text to tell you there is a problem with your computer or device.
Never allow remote access to your device from an unsolicited source.
Do not save your online banking credentials (user name or password) in your browser.
Keep all passwords, PINs and one-time passcodes a secret.