Spoofing

Financial Institution Spoofing
December 6, 2024

Most of us can now spot (and not fall for) that fake USPS text. Or the email from ‘Netflix’ that was sent from a G-mail account.  But one of the scariest tactics used by cybercriminals is spoofing—a method where fraudsters impersonate trusted financial institutions.  And it can be difficult to tell the difference between what’s real and what’s not. 

What is Spoofing?

Spoofing occurs when fraudsters create fake communications that look like they’re coming from legitimate financial institutions, credit card companies or investment firms.

Spoofing can take several forms:

• Email Spoofing: Fraudsters send emails that appear to be from legitimate financial institutions. These emails may include fake alerts about account activity or security breaches, prompting recipients to click on malicious links or download attachments that infect their devices with malware.
• Phone Spoofing: Fraudsters use caller ID manipulation to make it look like they're calling from a trusted credit union or bank. They may claim to be offering a warning about fraudulent activity on an account and ask the victim to verify account details or transfer funds to keep them “safe”.
• Website Spoofing: Criminals can create fraudulent websites that closely resemble a financial institution’s site. These sites often look identical, but any information entered on them is sent directly to the fraudster.

How to Protect Yourself from Spoofing

While financial institutions work to prevent fraud, consumers must also take steps to protect themselves.

1. Always Verify Communications: If you receive an unsolicited phone call, email or message claiming to be from your credit union or bank, don’t take immediate action. Contact them directly using the official phone number on their website, the back of your card or your statement.  Read our blog post about things we will never ask you to provide or do. 
2. Access Your Accounts Safely: NEVER access your online or mobile accounts through a link in a message you receive from ‘your financial institution’.  Fraudsters can spoof digital banking log-in screens and will capture your username and password when you enter them to ‘log in’.  Always access your account through your financial institution’s online portal or mobile app.
3. Monitor Your Accounts Regularly: Frequently check your bank and credit card accounts for any unusual activity. Report any suspicious transactions immediately.
4. Educate Yourself and Others: Stay informed about the latest spoofing and phishing tactics. Share this knowledge with friends and family to help them avoid falling victim to scams.

Financial institution spoofing by fraudsters is a growing problem that affects people around the world. Tactics are becoming more sophisticated every day – so it’s more important now than ever to be aware of them.   Stay vigilant and keep your finances and personal information safe.