Imagine you are sitting on the couch one evening unwinding after a long day when you hear a familiar chime from your phone. “Can we talk?” says the message on your screen. The message, while not from their original number is from your ex-partner.
You reply and the conversation starts to take off. The two of you begin rekindling the flames of your former romance. She says she wants to see you, so you send her a flirtatious photo. You’re on top of the world, but it’s all about to come crashing down.
You are immediately met with a message threatening to send your picture to family and friends if you don’t surrender a large sum of money. Confused at first, you slowly begin to realize you received a spoofed text message and you’re now being sextorted.
Spoofing attacks can happen across any online interaction and target individuals or entire corporations. While these attacks may seem impossible to prevent, Digital Forensics Corp.’s team of professionals is ready to help you remedy the situation.
What is Account Spoofing?
Spoofing is a form of identity theft in which a scammer contacts their target posing as a reliable source by manipulating the sender data. While not synonymous, spoofing is often an integral step in a phishing attack.
In combination with social engineering tactics, spoofing can position a cybercriminal to access their targets personal data which can be used for online blackmail, sextortion, and taking over their online accounts. There are numerous modes of internet activity that can be spoofed, but the most common are as follows:
- Emails: This is done when the information in the email header is altered to deceive the recipient. This may be done by creating a fraudulent email address that mimics the legit accounts or by using programs that allow scammers to manipulate the way the header displays this content. Building on this foundation with social engineering tactics is a common strategy in phishing email schemes.
- Social Media: Scammers may duplicate a public account on a social media platform. With the profile’s contents readily accessible, sharing all of the same photos and generating the same profile bio is as simple as copying and pasting. The one difference may come as an “l” instead of an “i” or a similar small change in their username.
- Phone Numbers: Cybercriminal’s can also use software to mask their caller or sender ID to display a different phone number when reaching you through a call or text. Some of these programs even allow the scammer to send you a message that will appear within the conversation log you have with that legitimate number. Scammers could become privy to your partner’s phone number and request intimate images that can be used for sextortion.
- Websites: Often accompanying the previously mentioned methods, fraudulent websites with nearly identical URLs are set up to replicate the pages of legitimate organizations. These sites often prompt you to use log-in credentials, make payments, and download files containing malware. This can allow scammers to access data that can be employed in online blackmail schemes.
These attacks can target anybody and often create a web of victims. After the first domino drops, these scammers are able to reach the entire network of their victims. They often utilize the stolen credentials and social engineering to take over accounts and convince family, friends, and colleagues.
Common Spoofing Targets and Real-World Consequences
These schemes go after a wide variety of targets. Executives, customer service teams, influencers, and everyday individuals can all fall victim to scammers who have concealed their true identities.
Just last year, Pepco Group lost approximately €15.5 million ($16.8 million) in what they described as a “sophisticated fraudulent phishing attack” which experts believe was carried out through social engineering and spoofing employee emails(1).
Even large organizations with security procedures in place are not immune to this creative circumvention. These schemes can fool even the most tech savvy individuals and lead to exponential damage such as:
- Financial Theft: Some attacks may directly ask you for money through social engineering and the impersonation of a corporation, business partner, or loved one in need of assistance. They may even blackmail you claiming to have access to your private data. You should always confirm the identity of anybody who contacts you virtually and be wary of anybody who urgently requests payment.
- Data Harvesting: This is usually done with the same monetary motivation as financial theft. Scammers may contact you with a misleading title and use social engineering tactics to obtain credentials, private information, or personal data that can allow them to access financial accounts or material to leverage for online blackmail or sextortion.
- Reputational Damage: This can occur to both the target of the spoofing attack and the party who is being impersonated. Spoofing attacks can grant access to confidential information that would be detrimental if it became public. The scam may also cause distrust toward the organization being imitated.
Safeguarding Against Spoofing Attacks
It may seem that these attacks are unavoidable, but there are steps you can take to avoid sextortion, blackmail, and other cybercrimes brought about by spoofing. Implementing the following security measures can help you see through social engineering and avoid these threats before they arise.
- Email Authentication Protocols: These programs work on the receiving end of an email exchange to verify the name and address of the sender and lower the risk of spoofing emails used in sextortion and blackmail schemes.
- Multi-factor Authentication: Using multiple forms of authentication like 2FA when it’s offered can increase your protection against scammers taking over your online accounts with credentials accessed in a spoofing scam.
- Employee Training: Proper understanding of the techniques used in these scams can ensure your employees don’t disclose credentials that compromise company accounts or fall victim to a bad actor posing as an employee in a phishing scheme.
If you are past the point of prevention, all hope is not lost. Digital Forensics specialists can assist you in taking away leverage and conducting investigation into sextortion, blackmail, and other cybercrimes brought on by spoofing.
Digital Forensics Corp.’s Role in Unmasking Spoofers
Here at DFC, our expert analysts are ready to help in the case of a spoofing attack. We have the tools and techniques necessary to track down perpetrators’ true identities and collect the evidence that can bring them to justice.
We can analyze metadata in email headers and conversation logs to identify the true sender. Our ability to track IP addresses and connect accounts across multiple networks enables us to identify spoofers across numerous attacks.
Our investigation can provide you with the evidence necessary to pursue legal action against your attacker. Furthermore, our collaboration with various law enforcement agencies around the world can set you up with the right precinct in the perpetrator’s proximity.
If you are dealing with cybercrimes originating from a spoofing attack, take action right away. Reach out to our Blackmail Helpline or Sextortion Helpline today to speak with one of our specialists free of charge.
