Spoofing and Phishing

Spoofing and phishing are schemes aimed at tricking you into providing sensitive information to scammers.


Spoofing is when a scammer disguises an email address, sender name, phone number, or website URL to convince you that you are interacting with a trusted source. This is often done by changing just one letter, symbol, or number. You might receive an email that looks like it came from your boss, a company you did business with, or even someone in your family, but it isn’t! At a brief glance, can you tell the difference between these two email addresses:

Criminals count on being able to manipulate you into believing these spoofed communications are real, leading you to download malicious software (malware), send money, or disclose personal, financial, or other sensitive information.


Phishing schemes are designed to trick you into giving scammers information that they shouldn’t have access to. Used in conjunction with spoofing techniques, phishing is when an email appears to be from a legitimate business asking you to update or verify personal information, either in response to the email or by visiting a website designed to look identical to an actual website. The email or website is designed to steal the personal information you enter, including bank or credit card information, passwords, PINs, etc.

Phishing can happen in various ways, including:

  • Vishing – phone or voice email phishing.
  • Smishing – SMS (text) message phishing.
  • Pharming – malicious code installed on computers designed to redirect you to fake websites.

How to Protect Yourself

  • Companies generally don’t contact you to ask for usernames or passwords.
  • Do not click on anything inside an unsolicited email or text message. Look up a company’s contact information on your own from a source you trust and ask the company if the request is legitimate.
  • Always carefully examine an email address, URL, and spelling used in any correspondence. Scammers rely on slight differences to trick your eye!
  • Be aware of what you download, especially email attachments from someone you don’t know or that are forwarded to you.
  • Set up and use multi-factor authentication on any account that allows it.
  • Be careful of the information you share online or on social media. Much of the information shared can provide scammers with the details needed to guess your password or answer security questions.