Pages Menu
TwitterFacebook
Categories Menu

Posted on May 18, 2017 | 0 comments

‘Spoofs’ that aren’t so funny.

‘Spoofs’ that aren’t so funny.

A “spoof site” is a website that looks real but is really fake, a clone often created to trick you into providing your personal and financial information.

Why? So fraudsters can rip you off: pulling money from your accounts, buying stuff in your name, and stealing your identity to commit more crimes.

If you have doubts — even inklings of doubts — about the legitimacy of an email or website claiming to be from your credit union or bank, call your financial institution. There are also a few clues to look for when you’re online to distinguish a real site from a spoof.

Looks like a duck, not a duck

Victims often arrive at spoof banking sites by clicking on links in “phishing” emails that look like they came from your financial institution. The spoof emails and sites are designed to mimic your credit union or bank’s legitimate emails and site, including their color scheme, font choices, and logo (copied from the internet). They often have web addresses similar to the real sites’ addresses.

The thieves’ goal is to get you to follow their instructions and to provide your personal or financial information. The email messages might be alarming or threatening: “Your account has been compromised” or “We will be forced to close your account.” Or they might sound fairly benign: “Your account information is out of date.”

No matter what, don’t click on the links. A legitimate institution will not ask you to follow a link to provide or verify personal or financial information. (Nor will it ask you to reply to an unexpected, unsecured email to provide that information. And if it asks you to return a phone call, make sure it’s a number you know or can verify with an outside source.)

Study the situation

If you have arrived at a financial website that strikes you as possibly sketchy, study the address bar in your browser for few clues.

  • First, look at the URL, or the web address. Is it the URL you know and have used before? Does it make sense? Some experts suggest retyping all URLs in the address bar, if you’ve arrived at a site by following a link, to avoid tricks such as internationalized domain name (IDN) homograph attacks. (In that example, fraudsters use characters from other languages to mimic familiar English URLs, steering you to spoof sites.)
  • Look for the “s” in the https, which indicates a secure connection.
  • Check for a green padlock icon in your address bar, which indicates that data sent to and from the website is encrypted.
  • Check next to the padlock for the site’s certificate. Financial institutions can get special certificates that prove they’re who they’re claiming to be online. For example, the words “Spokane Teachers Credit Union [US]” should appear next to the padlock on any secured STCU site.

Too late? What to do if you’ve been tricked by a phishing email or a spoof site.

  • Contact your financial institution right away.
  • File a report with the Federal Trade Commission.
  • Visit the FTC’s Identity Theft website, which provides specific steps to take based on which type of personal information was compromised.

Post a Reply

Your email address will not be published. Required fields are marked *