Canadian Anti-Fraud Centre
If you’re like most small or medium businesses, the Internet is an indispensable tool to succeed in today’s digital economy. Getting online allows you to reach new customers and grow your business. And even if you don’t have a website — or a Facebook page or Twitter account — you probably depend on the Internet for everyday operations like banking, payroll or ordering supplies.
However, being online requires being safe and secure. As a small or medium business, it’s easy to think that you are too small to warrant the attention of cyber criminals. In fact, cyber criminals are now targeting smaller businesses because they believe their computers are vulnerable.
Spoofing is just one example of a technique used by fraudsters to mislead victims and convince them that they are communicating with legitimate people, companies, or organizations.
There are three main types of spoofing:
- Caller ID spoofing: Fraudsters have the ability to manipulate the phone number appearing on call display either by call or text message. Fraudsters can display legitimate phone numbers for law enforcement agencies, financial institutions, government agencies or service providers.
- Email spoofing: Similar to Caller ID spoofing, fraudsters can manipulate the sender’s email address in order to make you believe that the email you’re receiving is from a legitimate source.
- Website spoofing: Fraudsters will create fraudulent websites that look legitimate. The fake websites can pretend to be a financial institution, company offering employment, investment company or government agency. In many cases, fraudsters will use a similar domain/website URL to the legitimate company with a minor spelling difference.
Protect yourself from spoofing by taking these actions:
- Never assuming that phone numbers appearing on your call display are accurate.
- Hanging up and making the outgoing call when someone claims to be contacting you from your financial institution, service provider, law enforcement or government agency.
- Calling the company or agency in question directly if you receive a text message or email. Make sure you research their contact information and don’t use the information provided in the first message.
- Never clicking on links received via text message or email.
- When visiting a website, always verify the URL and domain to make sure you are on the official website.
For more information, check the “Get Cyber Safe Guide for Small and Medium Businesses”.