Spoofing is where someone pretends to be someone else on the phone, in an email, or in a text. For example, you may get illegitimate email from “Air Canada” with “your flight tickets”, or a text from “CRA” with “your tax refund”.

Spoofing can be easy to spot when there are clues to the message’s in-authenticity:

  • the spelling and/or grammar are poor
  • the names, phone numbers, or email addresses are incorrect
  • the claims are outrageous or incongruous

It’s easy to shrug off an email from the Price of Nigeria offering you millions of US$, but what if the requester’s claims are believable and the details are correct? As scammers perfect their craft, we are seeing scam attempts that are more and more convincing.

I just heard of a scammer who used a company’s published org chart to craft an email to their CFO, seemingly from their CEO, asking him to transfer a large sum of money to a specified account. The same company also had a case where a staff member received a text, seemingly from her manager, asking her to buy certain $500 gift cards and send them to a specified address.

Luckily, those people clued-in to the scams, but we all are going to have to be increasingly diligent with all electronic messages, putting in more checks and balances, especially when there are monetary implications.

Scammers can even spoof your email. If your contacts start receiving email from you that you didn’t send, either someone is spoofing you, or your email has been hacked. If this happens, immediately change your email password and any email account challenge questions. It would also be pertinent to scan your computer for infections. If your email address gets blacklisted in the process, you may need help from your email provider to undo the damage, or set you up with a whole new email address.

Don’t fall prey to these scams. Use strong passwords and question everything. Legitimate requesters will be understanding.