Attempts to spoof telephone numbers are becoming increasingly common. These fraudulent practices, also known as “spoofing”, enable attackers to mask their real identity and pass themselves off as trusted entities in order to commit fraud or scams. Campaigns of this type are underway in all sectors, including our own.
What is spoofing?
Spoofing is a technique used to commit fraud or scams. The attackers pretend to be an administrative department, a customer, a supplier, a bank or even the switchboard of your accountant’s office, law firm, etc.
There are many reasons for this, but the main ones are transfers, updating banking information or RGPD compliance. There are two distinct types of telephone attack:
- Those that want to collect your sensitive information (such as your bank details);
- Those that want you to carry out sensitive actions (such as a bank transfer).
Spoofing techniques
There are many telephone spoofing techniques. They all have the same objective: to deceive the recipient of the call. Some of the most commonly used are:
-
Number masking
This is the basic principle of spoofing. This technique involves displaying a number other than the callers on your phone screen. Attackers can pretend to be an official institution or a company.
-
Social engineering
This is a practice designed to manipulate you by creating a notion of proximity (friend of a friend) or authority (boss, friend of a boss) to make you believe that the call is legitimate.
-
Creating a sense of urgency
Attackers often try to create a sense of urgency to get you to act without thinking. For example, they may claim that your bank account is in danger or that quick action is needed to avoid a penalty.
What can you do to protect yourself from these new threats?
There are a number of preventive measures you can take to guard against spoofing attempts:
1- Be particularly vigilant about calls and messages you receive, even from sources you think are reliable. If the request is unusual or suspicious, check its authenticity by :
- Asking the caller to confirm their identity;
- Calling the person back to confirm their requests (possibly via the switchboard);
- Requesting confirmation via another channel: email, SMS, WhatsApp, etc.
2- Never give out personal data (IDs, passwords, verification codes) or financial information over the telephone without checking the identity of the caller:
- In any case, never in a hurry;
- Take the time to confirm, several times if necessary.
Report spoofing attempts: if you suspect an attempt to spoof the telephone number of one of your regular contacts, report it as soon as possible. To raise awareness among as many people as possible, don’t hesitate to distribute this information very widely.
A question about spoofing?
Our experts have the answers:
Contact us
